Red Hat Security Advisory: RHOSP 17.1.4 (python-urllib3) security update
A security vulnerability (CVE-2024-37891) affecting the python-urllib3 module used in Red Hat OpenStack Platform 17. 1. 4 allows the proxy-authorization request header to not be stripped during cross-origin redirects. This issue could potentially expose sensitive authorization headers in unintended contexts. Red Hat has issued a security advisory rating this vulnerability as moderate severity and has released updated python-urllib3 packages to address the issue.
AI Analysis
Technical Summary
The vulnerability CVE-2024-37891 involves the python-urllib3 HTTP module, specifically that the proxy-authorization request header is not removed during cross-origin redirects. This behavior could lead to unintended disclosure of proxy authorization credentials when redirects cross origins. The issue affects Red Hat OpenStack Platform 17.1 and related packages. Red Hat has released updated python-urllib3 packages as part of RHSA-2024:9985 to fix this vulnerability.
Potential Impact
The impact is rated moderate by Red Hat Product Security. The vulnerability could allow sensitive proxy-authorization headers to be sent to unintended destinations during cross-origin HTTP redirects, potentially exposing credentials. There are no known exploits in the wild at this time. The vulnerability affects Red Hat OpenStack Platform 17.1 and related Red Hat Enterprise Linux 8 packages.
Mitigation Recommendations
Red Hat has released updated python-urllib3 packages that fix this vulnerability. Users of Red Hat OpenStack Platform 17.1 and affected RHEL 8 packages should apply the security update as described in Red Hat advisory RHSA-2024:9985. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation is required beyond applying the official patch.
Red Hat Security Advisory: RHOSP 17.1.4 (python-urllib3) security update
Description
A security vulnerability (CVE-2024-37891) affecting the python-urllib3 module used in Red Hat OpenStack Platform 17. 1. 4 allows the proxy-authorization request header to not be stripped during cross-origin redirects. This issue could potentially expose sensitive authorization headers in unintended contexts. Red Hat has issued a security advisory rating this vulnerability as moderate severity and has released updated python-urllib3 packages to address the issue.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2024-37891 involves the python-urllib3 HTTP module, specifically that the proxy-authorization request header is not removed during cross-origin redirects. This behavior could lead to unintended disclosure of proxy authorization credentials when redirects cross origins. The issue affects Red Hat OpenStack Platform 17.1 and related packages. Red Hat has released updated python-urllib3 packages as part of RHSA-2024:9985 to fix this vulnerability.
Potential Impact
The impact is rated moderate by Red Hat Product Security. The vulnerability could allow sensitive proxy-authorization headers to be sent to unintended destinations during cross-origin HTTP redirects, potentially exposing credentials. There are no known exploits in the wild at this time. The vulnerability affects Red Hat OpenStack Platform 17.1 and related Red Hat Enterprise Linux 8 packages.
Mitigation Recommendations
Red Hat has released updated python-urllib3 packages that fix this vulnerability. Users of Red Hat OpenStack Platform 17.1 and affected RHEL 8 packages should apply the security update as described in Red Hat advisory RHSA-2024:9985. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation is required beyond applying the official patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:9985
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e82e29bf47b5007cdc2
Added to database: 6/2/2026, 9:43:30 PM
Last enriched: 6/2/2026, 9:45:59 PM
Last updated: 6/3/2026, 5:09:38 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.