Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2023-45289: golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Red Hat: CVE-2023-45289: golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
03/05/2024
Created
05/01/2024
Added
05/01/2024
Modified
09/13/2024

Description

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

Solution(s)

  • redhat-upgrade-delve
  • redhat-upgrade-delve-debuginfo
  • redhat-upgrade-delve-debugsource
  • redhat-upgrade-git-lfs
  • redhat-upgrade-git-lfs-debuginfo
  • redhat-upgrade-git-lfs-debugsource
  • redhat-upgrade-go-toolset
  • redhat-upgrade-golang
  • redhat-upgrade-golang-bin
  • redhat-upgrade-golang-docs
  • redhat-upgrade-golang-misc
  • redhat-upgrade-golang-src
  • redhat-upgrade-golang-tests

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;