CVE-2014-1829

Published: Oct 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

Affected (4)

Products: Debian: Debian Linux · Python: Requests · Canonical: Ubuntu Linux · +1 more

Show all products

Debian: Debian Linux · Python: Requests · Canonical: Ubuntu Linux · Mageia: Mageia

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Python Requests	Up to 2.2.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Mageia Mageia	Version 4.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://advisories.mageia.org/MGASA-2014-0409.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3146

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:133

Source: cve@mitre.org

Broken Link

http://www.ubuntu.com/usn/USN-2382-1

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108

Source: cve@mitre.org

Issue Tracking

https://github.com/kennethreitz/requests/issues/1885

Source: cve@mitre.org

Issue TrackingPatch

http://advisories.mageia.org/MGASA-2014-0409.html