CVE-2024-47081: CWE-522: Insufficiently Protected Credentials in psf requests
Requests is an HTTP library for Python. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
AI Analysis
Technical Summary
CVE-2024-47081 is a medium-severity vulnerability in the Python HTTP library Requests, affecting all releases prior to 2.32.4. The root cause is a URL parsing flaw in the code path that looks up credentials in the user's .netrc file. When a Session has `trust_env=True` (the default) and no explicit `auth` is supplied, Requests parses the request URL, extracts a host name, looks that host up in .netrc (the file named by the `NETRC` environment variable, or `~/.netrc` / `~/_netrc`), and attaches a matching entry to the request as HTTP Basic authentication. For certain maliciously crafted URLs the host name derived for the .netrc lookup differs from the host the request is actually sent to, so credentials stored for a trusted host are sent to a third party of the attacker's choosing. The attacker does not need to intercept traffic: the credentials arrive at the attacker's server inside the request itself.

The vulnerability is classified under CWE-522 (Insufficiently Protected Credentials). The CVSS 3.1 base score is 5.3 (medium) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N: network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, no integrity or availability impact. In practice the "user interaction" is that the vulnerable application must fetch a URL the attacker supplied; in automated scripts and CI/CD pipelines that consume URLs from webhooks, tickets, package metadata or other untrusted input, no human click is involved. No exploitation in the wild has been reported.

The fix is to upgrade Requests to 2.32.4 or later. Where upgrading is not immediately possible, setting `trust_env=False` on the Session disables the automatic .netrc lookup. Two caveats apply to that workaround. First, the same flag also stops Requests from honouring the proxy variables (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`) and the `REQUESTS_CA_BUNDLE` / `CURL_CA_BUNDLE` variables, so those settings must then be passed explicitly. Second, the module-level helpers (`requests.get`, `requests.post` and friends) create a temporary Session with the default `trust_env=True`, so they remain affected; the workaround only covers code that uses an explicitly configured Session. The vulnerability primarily affects applications and services that use Requests and rely on .netrc for credential management, which is common in automated scripts, CI/CD pipelines and other programmatic HTTP interactions.
Potential Impact
For European organizations, the impact of CVE-2024-47081 can be significant wherever Requests is used to automate HTTP requests with .netrc credentials. Leaked credentials could grant unauthorized access to internal or external services, expose sensitive data or enable lateral movement within networks. Confidentiality is the primary concern: the credentials are delivered directly to an attacker-controlled host, so no network interception is required, and the attacker needs only to get a crafted URL into a code path that Requests will fetch. This could compromise access to APIs, cloud services or internal systems that rely on those credentials. The user-interaction requirement limits the risk for interactive use, but automated processes that fetch URLs from untrusted sources (webhooks, issue trackers, dependency metadata, user-supplied links) satisfy it without any human action. The vulnerability does not affect integrity or availability directly, but it can be a stepping stone for more severe attacks if the leaked credentials are reused or carry broad privileges. Organizations with automated workflows, DevOps pipelines or integrations that use Requests together with .netrc files should be particularly vigilant. No exploitation in the wild has been reported, but the advisory and the fix are public, so patching should not be deferred.
Mitigation Recommendations
1. Upgrade Requests to version 2.32.4 or later; this is the only complete fix. Set the floor (`requests>=2.32.4`) in requirements and lock files, and rebuild container images and CI runners that carry their own copy of the library.
2. Where upgrading is not feasible, set `trust_env=False` on every Session to stop the automatic .netrc lookup. Replace module-level calls such as `requests.get(...)` with an explicitly configured Session, because the module-level helpers create a default Session with `trust_env=True`. Re-apply proxy and CA-bundle settings explicitly, since `trust_env=False` also discards those.
3. Audit codebases and automation scripts for Requests usage alongside .netrc files (including `~/.netrc` on CI runners and inside container images, and any file named by the `NETRC` environment variable), and identify where request URLs originate from untrusted input.
4. Validate URLs before fetching them: allowlist the scheme and destination host rather than attempting to sanitize strings, and reject URLs whose authority contains userinfo (`user@host`) when inline credentials are not expected.
5. Monitor outbound traffic from systems that hold .netrc files for HTTP Basic `Authorization` headers, or connections, to destinations other than the hosts the .netrc entries belong to.
6. Rotate any credentials stored in .netrc files on systems that processed untrusted URLs while running a vulnerable version.
7. Educate developers and DevOps teams about the vulnerability and the importance of secure credential handling and timely library updates.
8. Prefer credential management that does not rely on .netrc, for example short-lived tokens fetched from a secrets manager and passed explicitly per request, so that each credential is bound to the host it is meant for.
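The following is an added example, not code from the advisory or from the Requests project, showing one way to apply steps 1, 2 and 4 together while a fleet is being patched: it refuses to run on a Requests version below 2.32.4, builds a Session with `trust_env=False`, restores the proxy and CA-bundle settings that flag discards, and resolves .netrc credentials itself with the standard-library `netrc` module so that they are attached only when the URL's host exactly matches a `machine` entry (no `default` fallback, no URLs carrying userinfo). The helper names (`hardened_session`, `netrc_auth_for`, and the rest), the hostname pattern and the sample .netrc contents are my own assumptions; `requests` is only imported inside `hardened_session`, so the other helpers work without it installed.

```python
"""Hardened Requests usage while CVE-2024-47081 is being patched.

Added example; not code from the advisory or the Requests project.
"""
import netrc
import os
import re
import tempfile
from importlib import metadata
from urllib.parse import urlsplit
from urllib.request import getproxies

FIXED_VERSION = (2, 32, 4)
# Conservative hostname shape (letters, digits, dots, hyphens). Anything else
# is refused so that every URL parser agrees on which host we mean.
_HOST_RE = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$")

# Constructed sample .netrc for the demo and tests; not a real file.
SAMPLE_NETRC = (
    "machine api.example.com login alice password s3cret\n"
    "default login bob password fallback\n"
)


def parse_version(version: str) -> tuple:
    """'2.32.4.post1' -> (2, 32, 4); only leading numeric components count."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    return parse_version(version) < FIXED_VERSION


def installed_requests_is_vulnerable():
    """True/False for the installed Requests, None if it is not installed."""
    try:
        return is_vulnerable_version(metadata.version("requests"))
    except metadata.PackageNotFoundError:
        return None


def netrc_auth_for(url: str, netrc_path: str):
    """Return (login, password) only for an exact `machine` match, else None."""
    parts = urlsplit(url)
    host = parts.hostname  # urlsplit lower-cases it and strips the port
    # A .netrc lookup must never be mixed with inline credentials, and a
    # userinfo-bearing authority is exactly the shape parsers disagree about.
    if host is None or "@" in parts.netloc or not _HOST_RE.match(host):
        return None
    try:
        hosts = netrc.netrc(netrc_path).hosts
    except FileNotFoundError:
        return None
    entry = hosts.get(host)  # deliberately no fall-through to the 'default' entry
    if entry is None:
        return None
    login, _account, password = entry
    return login, password


def environment_settings() -> dict:
    """What trust_env=True would take from the environment, minus .netrc."""
    verify = (os.environ.get("REQUESTS_CA_BUNDLE")
              or os.environ.get("CURL_CA_BUNDLE") or True)
    return {"proxies": getproxies(), "verify": verify}


def hardened_session(url: str, netrc_path: str = None, allow_vulnerable: bool = False):
    """Build a Session for one host: no implicit .netrc, explicit auth only."""
    import requests  # imported here so the helpers above work without it

    if installed_requests_is_vulnerable() and not allow_vulnerable:
        raise RuntimeError("requests < 2.32.4 is vulnerable to CVE-2024-47081; upgrade")
    session = requests.Session()
    session.trust_env = False      # stops the automatic .netrc lookup...
    env = environment_settings()   # ...and proxies/CA bundle, so restore those
    session.proxies.update(env["proxies"])
    session.verify = env["verify"]
    creds = netrc_auth_for(url, netrc_path or os.path.expanduser("~/.netrc"))
    if creds is not None:
        session.auth = creds       # (login, password) tuple -> HTTPBasicAuth
    return session


def write_sample_netrc() -> str:
    """Write SAMPLE_NETRC to a fresh temp dir and return its path (demo helper)."""
    path = os.path.join(tempfile.mkdtemp(), "netrc")
    with open(path, "w") as fh:
        fh.write(SAMPLE_NETRC)
    return path


if __name__ == "__main__":
    sample = write_sample_netrc()
    for u in ("https://api.example.com/v1", "https://evil.example.com/",
              "https://api.example.com@evil.example.com/"):
        print(u, "->", netrc_auth_for(u, sample))
```

Use one Session per destination host (`hardened_session("https://api.example.com/v1")`) and never reuse it for a different host, since `session.auth` applies to every request the Session sends. The `default` line in the sample .netrc is there to show that the lookup ignores it: `netrc.netrc.authenticators()` would fall back to it for any unknown host, which is the same "credentials for everyone" behaviour this helper is meant to avoid.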
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2024-09-17T17:42:37.030Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68487f5b1b0bd07c3938c183
Added to database: 6/10/2025, 6:54:19 PM
Last enriched: 7/10/2025, 10:33:44 PM
Last updated: 8/13/2025, 11:36:28 AM