Libsoup HTTP Authorization Header Redirection Vulnerability

Vulnerability

A vulnerability exists in libsoup, an HTTP client and server library for GNOME. When libsoup clients encounter an HTTP redirect, they incorrectly send the Authorization header to the new host indicated by the redirect. This behavior allows the new host to impersonate the user to the original host that issued the redirect. This issue affects libsoup versions prior to 3.6.5.

Impact

Exploitation of this vulnerability could lead to unauthorized impersonation of users by a redirected host, potentially allowing access to sensitive information or actions on behalf of the user.

Reproduction

To reproduce this vulnerability, use a libsoup client version prior to 3.6.5 and send a request that includes the Authorization header to a server that responds with an HTTP redirect. The client will incorrectly forward the Authorization header to the new host, allowing it to impersonate the user to the original server.
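As an added illustration, not libsoup's own code, the following Python sketch shows the redirect handling a fixed client needs: credential headers stay on a same-origin redirect and are dropped when the Location points at a different origin, which also covers relative Location values and an https-to-http downgrade. The origin definition (scheme, host, port) and the list of credential headers are assumptions of this example; the request URL, token and redirect target are constructed sample values.

```python
from urllib.parse import urlsplit, urljoin

# Headers that carry credentials and must not be forwarded across origins.
# Assumed list for this example: Authorization is the header the advisory
# names; the other two carry credentials the same way.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def headers_for_redirect(request_url, location, headers):
    """Compute the headers a client should send when following a redirect.

    `location` is the raw Location header value and may be relative.
    Returns (target_url, headers_to_send). Credential headers are removed
    whenever the target origin differs from the origin of the original
    request, which is the check the vulnerable libsoup versions lacked.
    """
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    safe = {k: v for k, v in headers.items()
            if k.lower() not in CREDENTIAL_HEADERS}
    return target, safe


if __name__ == "__main__":
    # Constructed scenario matching the advisory: an authenticated request
    # is redirected to a different host.
    req = "https://api.example.test/v1/data"
    hdrs = {"Authorization": "Bearer constructed-token",
            "Accept": "application/json"}
    target, sent = headers_for_redirect(req, "https://other.example.test/c", hdrs)
    print(target, sent)  # the Authorization header is not forwarded
```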

Remediation

Users can update to libsoup version 3.6.5 or later to address this vulnerability. Instructions for applying this update are available on the Red Hat Customer Portal.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 1.3
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.