Impact
Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties.
The flow of the vulnerability is as follows:
- Send any request with
BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler
- The target host may return a redirection (3xx), with a link to a second host.
- The next request will use the credentials to authenticate with the second host, by setting the
Authorization header.
The expected behavior is that the next request will NOT set the Authorization header.
Patches
The problem was fixed on April 1st 2020.
Workarounds
There is no workaround.
References
This is similar to the following issues in nature:
- HTTP authentication leak in redirects - I used the same solution as CURL did.
- CVE-2018-1000007.
yahavi Remediation developer
JLLeitschuh Reporter
Impact
Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties.
The flow of the vulnerability is as follows:
BasicCredentialHandler,BearerCredentialHandlerorPersonalAccessTokenCredentialHandlerAuthorizationheader.The expected behavior is that the next request will NOT set the
Authorizationheader.Patches
The problem was fixed on April 1st 2020.
Workarounds
There is no workaround.
References
This is similar to the following issues in nature: