CVE-2023-32681 · threatengine.sh

Home/CVE/Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination s

CVE

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination s

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests.

For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the Proxy-Authorization header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information.

This issue has been patched in version 2.31.0.

MEDIUM · CVSS 6.1 EPSS 0.06086

Monitor

EPSS percentile: top 9% of all CVEs by exploitation likelihood

Sigma rules2 YARA rules0

⬡

Weakness Classification

CWE-200Exposure of Sensitive Information to an Unauthorized Actor

▤

Affected Products & Versions

2

python requests>= 2.3.0 and < 2.31.0

fedoraproject fedoraall versions

▤

Affected Packages

1

Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.

PyPI requests MODERATE fixed in 2.31.0

◈

Sigma Hunt Rules

2

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

productmediumCloudflared Tunnels Related DNS Requests

productmediumPotential AS-REP Roasting via Kerberos TGT Requests

See all related Sigma rules for this CVE

▣

Scoring & Timeline

6.1

MEDIUM · CVSS v3.1 · security-advisories@github.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD26 May 2023 · 06:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

no

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

22

usnUSN-7762-1
usnUSN-7568-1
suse-csafopenSUSE-SU-2025:14997-1
suse-csafSUSE-SU-2024:2685-1
suse-csafopenSUSE-SU-2024:12998-1
Show all 22 vendor advisoriesrhsaRHSA-2023:6818Important
rhsaRHSA-2023:6793Important
rhsaRHSA-2023:4693Moderate
suse-csafSUSE-SU-2023:3094-1
suse-csafSUSE-SU-2023:2883-1
suse-csafSUSE-SU-2023:2865-1
suse-csafSUSE-SU-2023:2866-1
suse-csafSUSE-SU-2023:2638-1
usnUSN-6155-2
usnUSN-6155-1
msrcCVE-2023-32681
rhsaRHSA-2023:7050Moderate
rhsaRHSA-2023:4520Moderate
rhsaRHSA-2024:0299Moderate
rhsaRHSA-2023:7034Moderate
rhsaRHSA-2023:4350Moderate
rhsaRHSA-2023:7042Moderate

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5Patch

https://github.com/psf/requests/releases/tag/v2.31.0Release Notes

https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33qVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/

Show all 7 references

https://security.gentoo.org/glsa/202309-08

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin