Insufficiently Protected Credentials

CVE-2024-47081

Medium

5.3/10

Summary

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak ".netrc" credentials to third parties for specific maliciously crafted URLs. For older versions of Requests, use of the ".netrc" file can be disabled with "trust_env=False" on one's Requests Session.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory
Release Note
Pull request
Mail Thread
Mail Thread
Issue
Mail Thread

Advisory Timeline

Published Jun 09, 2025

Insufficiently Protected Credentials

CVE-2024-47081

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS