{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"}, {"name": "MDVSA-2015:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"}, {"name": "openSUSE-SU-2016:0246", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kennethreitz/requests/issues/1885"}, {"name": "DSA-3146", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3146"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0409.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"}, {"name": "MDVSA-2015:133", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"}, {"name": "openSUSE-SU-2016:0246", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html"}, {"name": "https://github.com/kennethreitz/requests/issues/1885", "refsource": "CONFIRM", "url": "https://github.com/kennethreitz/requests/issues/1885"}, {"name": "DSA-3146", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3146"}, {"name": "http://advisories.mageia.org/MGASA-2014-0409.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0409.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:11.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"}, {"name": "MDVSA-2015:133", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"}, {"name": "openSUSE-SU-2016:0246", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kennethreitz/requests/issues/1885"}, {"name": "DSA-3146", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3146"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0409.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1830", "datePublished": "2014-10-15T14:00:00", "dateReserved": "2014-01-30T00:00:00", "dateUpdated": "2024-08-06T09:50:11.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*", "matchCriteriaId": "79441BF0-F885-4440-B795-5F59EFBD53BE", "versionEndIncluding": "2.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request."}, {"lang": "es", "value": "Requests (tambi\u00e9n conocido como python-requests) anterior a 2.3.0 permite a servidores remotos obtener informaci\u00f3n sensible leyendo la cabecera en 'Proxy-Authorization' con una petici\u00f3n de redirecci\u00f3n."}], "id": "CVE-2014-1830", "lastModified": "2018-10-30T16:27:34.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-15T14:55:05.447", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0409.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3146"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"}, {"source": "cve@mitre.org", "url": "https://github.com/kennethreitz/requests/issues/1885"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "python-requests: Proxy-Authorization header leak", "id": "1144907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144907"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request."], "name": "CVE-2014-1830", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "python-requests", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Under investigation", "package_name": "python-requests", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Under investigation", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "python-requests", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat Storage 2.1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat Storage 3.0"}], "public_date": "2013-12-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1830\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1830"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "requests 2.3.0"}