CVE-2024-3574

In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75
https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75
https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9

Configurations

No configuration.

History

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 -~~	() https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 -
References	~~() https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9 -~~	() https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9 -

16 Apr 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-16 00:15

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3574

Mitre link : CVE-2024-3574

CVE.ORG link : CVE-2024-3574

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-3574", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-16T00:15:12.750", "references": [{"url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9", "source": "security@huntr.dev"}, {"url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking."}, {"lang": "es", "value": "En la versi\u00f3n 2.10.1 de scrapy, se identific\u00f3 un problema por el cual el encabezado de Autorizaci\u00f3n, que contiene las credenciales para la autenticaci\u00f3n del servidor, se filtra a un sitio de terceros durante una redirecci\u00f3n entre dominios. Esta vulnerabilidad surge de no eliminar el encabezado de Autorizaci\u00f3n al redireccionar entre dominios. La exposici\u00f3n del encabezado de Autorizaci\u00f3n a actores no autorizados podr\u00eda permitir el secuestro de cuentas."}], "lastModified": "2024-11-21T09:29:54.513", "sourceIdentifier": "security@huntr.dev"}