When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
History

Thu, 14 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openstack Podified
CPEs cpe:/a:redhat:openstack_podified:1.0::el9
Vendors & Products Redhat openstack Podified

Mon, 04 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Thu, 26 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhmt
CPEs cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products Redhat rhmt

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2024-03-05T22:22:30.306Z

Updated: 2024-11-04T18:24:28.343Z

Reserved: 2023-10-06T17:06:26.221Z

Link: CVE-2023-45289

cve-icon Vulnrichment

Updated: 2024-08-02T20:21:15.333Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-05T23:15:07.137

Modified: 2024-11-21T08:26:42.620

Link: CVE-2023-45289

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-03-05T00:00:00Z

Links: CVE-2023-45289 - Bugzilla