CVE-2023-45289

SOURCE - nist

Summary

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

EPSS Score⁠: 0.00044 (0.109)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-noinfo⁠

SOURCE - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Sources (466)

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.