CVE-2026-49949
MEDIUM
6,0
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API keys to an unintended host, port, or plaintext HTTP destination to capture those credentials.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 3 Days)
522
Insufficiently Protected Credentials
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based, ICS/OT
https://github.com/steipete/CodexBar/commit/08c171b6b487654a0eb188494fa24bd1c42…
https://github.com/steipete/CodexBar/pull/1237
https://github.com/steipete/CodexBar/releases/tag/v0.33.0
https://www.vulncheck.com/advisories/codexbar-credential-leakage-via-http-redir…