Bug 2371272 (CVE-2024-47081)
| Summary: | CVE-2024-47081 requests: Requests vulnerable to .netrc credentials leak via malicious URLs | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abarbaro, adinn, adistefa, adudiak, agarcial, alinfoot, anthomas, aoconnor, aprice, asegurap, bbrownin, bdettelb, brasmith, caswilli, cochase, crizzo, dfreiber, dhanak, dnakabaa, doconnor, dranck, drosa, drow, dsimansk, dtrifiro, eglynn, ehelms, fzakkak, galder.zamarreno, ggainey, haoli, hkataria, jajackso, jburrell, jcammara, jchui, jdobes, jhe, jjoyce, jkoehler, jmitchel, jneedle, jsamir, jschluet, jtanner, juwatts, jwendell, jwong, jwright, kaycoth, kegrant, kgaikwad, kholdawa, kingland, koliveir, kshier, ktsao, kverlaen, lball, lbrazdil, lchilton, lcouzens, lgamliel, lhh, ljawale, lphiri, lsvaty, luizcosta, mabashia, matzew, mbabacek, mburns, mgarciac, mhulan, mminar, mnovotny, mskarbek, nboldt, ngough, nmoumoul, nweather, oezr, olubyans, omaciel, orabin, osousa, pakotvan, pbraun, pcreech, pgrist, pjindal, psrna, rbiba, rbobbitt, rbryant, rcernich, rchan, rfreiman, sausingh, sbiarozk, sdoran, sfeifer, sgehwolf, shvarugh, simaishi, smallamp, smcdonal, sskracic, stcannon, sthirugn, teagle, tfister, thavo, tmalecek, tpfromme, tqvarnst, ttakamiy, veshanka, vkrizan, vkumar, weaton, xiaoxwan, yguenane, zdohnal, zzhou |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. | Story Points: | --- |
| Bug Depends On: | 2372471, 2372473, 2372477, 2372472, 2372474, 2372475, 2372476, 2372478, 2372479, 2375883, 2375884, 2375885, 2375886 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2025-06-09 19:01:12 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:12519 https://access.redhat.com/errata/RHSA-2025:12519

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:13234 https://access.redhat.com/errata/RHSA-2025:13234

This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:13604 https://access.redhat.com/errata/RHSA-2025:13604

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:14750 https://access.redhat.com/errata/RHSA-2025:14750

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:14999 https://access.redhat.com/errata/RHSA-2025:14999

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Via RHSA-2025:15121 https://access.redhat.com/errata/RHSA-2025:15121

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2025:15122 https://access.redhat.com/errata/RHSA-2025:15122

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Via RHSA-2025:15618 https://access.redhat.com/errata/RHSA-2025:15618

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Via RHSA-2025:15616 https://access.redhat.com/errata/RHSA-2025:15616

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2025:15617 https://access.redhat.com/errata/RHSA-2025:15617

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Via RHSA-2025:15614 https://access.redhat.com/errata/RHSA-2025:15614

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2025:15615 https://access.redhat.com/errata/RHSA-2025:15615

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Via RHSA-2025:15622 https://access.redhat.com/errata/RHSA-2025:15622

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Via RHSA-2025:15691 https://access.redhat.com/errata/RHSA-2025:15691

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Via RHSA-2025:15723 https://access.redhat.com/errata/RHSA-2025:15723