CVE-2018-20060
CVSS 3.0 Score 9.8 of 10 (critical)
Details
Published Dec 11, 2018
Updated: Dec 27, 2024
Summary
CVE-2018-20060 is a vulnerability affecting urllib3 before version 1.23. This issue allows for the exposure of credentials in the Authorization header when following a cross-origin redirect. The vulnerability arises because urllib3 fails to remove the Authorization header during such redirections, potentially transmitting sensitive information to unintended hosts or in cleartext. This flaw could result in unauthorized access or data breaches. To mitigate this risk, affected users are advised to upgrade to the latest version of urllib3.
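The check a client has to make before re-sending headers on a redirect, as described in the summary above. This is an added example, not urllib3's own code: the function names, hosts and token are constructed for illustration, and it uses only the Python standard library.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SENSITIVE = frozenset({"authorization"})  # the header named in the advisory


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(request_url, location, headers):
    """Return (target_url, headers) to use when following a redirect.

    Location may be relative, so it is resolved against the request URL first.
    Authorization is dropped whenever scheme, host or port changes, which
    covers both a different host and an https -> http (cleartext) downgrade.
    """
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return target, kept


def is_affected(version):
    """True for urllib3 releases before 1.23, the fixed version per the advisory."""
    major, minor = (int(x) for x in version.split(".")[:2])
    return (major, minor) < (1, 23)


if __name__ == "__main__":
    # Constructed sample request; hosts and token are placeholders.
    hdrs = {"Authorization": "Bearer EXAMPLE-TOKEN", "Accept": "application/json"}
    base = "https://api.example/v1/items"
    for loc in ("/v2/items", "https://other.example/items", "http://api.example/items"):
        print(loc, "->", headers_for_redirect(base, loc, hdrs))
    print("urllib3 1.22 affected:", is_affected("1.22"))
```
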
Affected Products
- python-urllib3
- Fedora Operating System
Affected Vendors
- Fedora Project
- Python Software Foundation