How severe is CVE-2023-32681?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2023-32681?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-32681

MEDIUM Year: 2023

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

CVE-2016-10702

MEDIUM

CVSS:6.1(Medium)

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by mod...

CWE-2002016

CVE-2018-1059

MEDIUM

CVSS:6.1(Medium)

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translati...

CWE-2002018

CVE-2018-16658

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cas...

CWE-2002018

CVE-2018-20681

MEDIUM

CVSS:6.1(Medium)

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cyclin...

CWE-2002018

CVE-2018-8714

MEDIUM

CVSS:6.1(Medium)

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libra...

CWE-2002018

CVE-2019-9541

MEDIUM

CVSS:6.1(Medium)

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Au...

CWE-2002019

CVE-2023-32681

Vulnerability Description

Related Vulnerabilities

CVE-2016-10702

CVE-2018-1059

CVE-2018-16658

CVE-2018-20681

CVE-2018-8714

CVE-2019-9541