Vulnerability-Lookup

CVE-2018-18074 (GCVE-0-2018-18074)

Vulnerability from cvelistv5 – Published: 2018-10-09 15:00 – Updated: 2024-08-05 11:01

Summary

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

10 references

URL	Tags
https://usn.ubuntu.com/3790-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3790-2/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2035	vendor-advisoryx_refsource_REDHAT
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
http://docs.python-requests.org/en/master/communi…	x_refsource_CONFIRM
https://bugs.debian.org/910766	x_refsource_MISC
https://github.com/requests/requests/commit/c45d7…	x_refsource_MISC
https://github.com/requests/requests/issues/4716	x_refsource_MISC
https://github.com/requests/requests/pull/4718	x_refsource_MISC

Date Public ?

2018-10-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3790-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3790-1/"
          },
          {
            "name": "USN-3790-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3790-2/"
          },
          {
            "name": "openSUSE-SU-2019:1754",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
          },
          {
            "name": "RHSA-2019:2035",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/910766"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/requests/requests/issues/4716"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/requests/requests/pull/4718"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T17:57:42.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3790-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3790-1/"
        },
        {
          "name": "USN-3790-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3790-2/"
        },
        {
          "name": "openSUSE-SU-2019:1754",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
        },
        {
          "name": "RHSA-2019:2035",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/910766"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/requests/requests/issues/4716"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/requests/requests/pull/4718"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18074",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3790-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3790-1/"
            },
            {
              "name": "USN-3790-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3790-2/"
            },
            {
              "name": "openSUSE-SU-2019:1754",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
            },
            {
              "name": "RHSA-2019:2035",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2035"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history",
              "refsource": "CONFIRM",
              "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
            },
            {
              "name": "https://bugs.debian.org/910766",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/910766"
            },
            {
              "name": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff",
              "refsource": "MISC",
              "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
            },
            {
              "name": "https://github.com/requests/requests/issues/4716",
              "refsource": "MISC",
              "url": "https://github.com/requests/requests/issues/4716"
            },
            {
              "name": "https://github.com/requests/requests/pull/4718",
              "refsource": "MISC",
              "url": "https://github.com/requests/requests/pull/4718"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18074",
    "datePublished": "2018-10-09T15:00:00.000Z",
    "dateReserved": "2018-10-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:01:14.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-18074",
      "date": "2026-05-20",
      "epss": "0.00175",
      "percentile": "0.38526"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.20.0\", \"matchCriteriaId\": \"7CFBA4E8-EE3D-413C-8175-43F7E42960CA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.\"}, {\"lang\": \"es\", \"value\": \"El paquete Requests antes de la versi\\u00f3n 2.20.0 para Python env\\u00eda una cabecera de autorizaci\\u00f3n HTTP a un URI http al recibir una redirecci\\u00f3n same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red.\"}]",
      "id": "CVE-2018-18074",
      "lastModified": "2024-11-21T03:55:26.530",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-09T17:29:01.897",
      "references": "[{\"url\": \"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2035\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/910766\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/issues/4716\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/pull/4718\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3790-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3790-2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/910766\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/issues/4716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/requests/requests/pull/4718\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3790-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3790-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-18074\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-09T17:29:01.897\",\"lastModified\":\"2024-11-21T03:55:26.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.\"},{\"lang\":\"es\",\"value\":\"El paquete Requests antes de la versi\u00f3n 2.20.0 para Python env\u00eda una cabecera de autorizaci\u00f3n HTTP a un URI http al recibir una redirecci\u00f3n same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.20.0\",\"matchCriteriaId\":\"7CFBA4E8-EE3D-413C-8175-43F7E42960CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2035\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/910766\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/issues/4716\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/pull/4718\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3790-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3790-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/910766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/issues/4716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/requests/requests/pull/4718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3790-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3790-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2024-AVI-0366

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Assistant	QRadar Assistant versions antérieures à 3.7.0
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.3
IBM	QRadar SIEM	QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7149736 du 29 avril 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150045 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149967 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149874 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150150 du 03 mai 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
      "product": {
        "name": "QRadar Assistant",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2022-31116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2022-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
    },
    {
      "name": "CVE-2022-31117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2023-27561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
    },
    {
      "name": "CVE-2024-28102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
    },
    {
      "name": "CVE-2019-14322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2019-1010083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2022-23541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-21503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
    },
    {
      "name": "CVE-2022-23540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2024-21501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2021-43784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-21334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
    },
    {
      "name": "CVE-2023-25809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
    },
    {
      "name": "CVE-2016-10745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2024-27088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
    },
    {
      "name": "CVE-2022-23539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
    },
    {
      "name": "CVE-2018-1000656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
    },
    {
      "name": "CVE-2024-25047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
    },
    {
      "name": "CVE-2021-28363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2015-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-28642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
    },
    {
      "name": "CVE-2016-10516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
    },
    {
      "name": "CVE-2020-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
    },
    {
      "name": "CVE-2021-45958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-24758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0366",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
      "url": "https://www.ibm.com/support/pages/node/7149736"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149967"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150150"
    }
  ]
}

CERTFR-2025-AVI-0135

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM QRadar Deployment Intelligence App. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	IBM	QRadar SIEM	QRadar Deployment Intelligence App versions antérieures à 3.0.16

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7182930

2025-02-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.16",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2024-42461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0135",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar Deployment Intelligence App. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar Deployment Intelligence App",
  "vendor_advisories": [
    {
      "published_at": "2025-02-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182930",
      "url": "https://www.ibm.com/support/pages/node/7182930"
    }
  ]
}

CERTFR-2024-AVI-0366

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Assistant	QRadar Assistant versions antérieures à 3.7.0
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.3
IBM	QRadar SIEM	QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7149736 du 29 avril 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150045 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149967 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149874 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150150 du 03 mai 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
      "product": {
        "name": "QRadar Assistant",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2022-31116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2022-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
    },
    {
      "name": "CVE-2022-31117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2023-27561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
    },
    {
      "name": "CVE-2024-28102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
    },
    {
      "name": "CVE-2019-14322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2019-1010083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2022-23541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-21503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
    },
    {
      "name": "CVE-2022-23540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2024-21501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2021-43784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-21334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
    },
    {
      "name": "CVE-2023-25809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
    },
    {
      "name": "CVE-2016-10745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2024-27088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
    },
    {
      "name": "CVE-2022-23539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
    },
    {
      "name": "CVE-2018-1000656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
    },
    {
      "name": "CVE-2024-25047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
    },
    {
      "name": "CVE-2021-28363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2015-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-28642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
    },
    {
      "name": "CVE-2016-10516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
    },
    {
      "name": "CVE-2020-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
    },
    {
      "name": "CVE-2021-45958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-24758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0366",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
      "url": "https://www.ibm.com/support/pages/node/7149736"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149967"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150150"
    }
  ]
}

CERTFR-2025-AVI-0135

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	IBM	QRadar SIEM	QRadar Deployment Intelligence App versions antérieures à 3.0.16

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7182930

2025-02-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.16",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2024-42461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0135",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar Deployment Intelligence App. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar Deployment Intelligence App",
  "vendor_advisories": [
    {
      "published_at": "2025-02-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182930",
      "url": "https://www.ibm.com/support/pages/node/7182930"
    }
  ]
}

CERTFR-2026-AVI-0395

Vulnerability from certfr_avis - Published: 2026-04-03 - Updated: 2026-04-03

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de sécurité PH70422
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 IF01
IBM	WebSphere Automation	WebSphere Automation versions antérieures à 1.12.0
IBM	Storage Protect	Storage Protect Plus Server versions 10.1.x antérieures à 10.1.18

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7268179	2026-03-31	vendor-advisory
Bulletin de sécurité IBM 7267689	2026-03-26	vendor-advisory
Bulletin de sécurité IBM 7268331	2026-04-01	vendor-advisory
Bulletin de sécurité IBM 7267801	2026-03-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de s\u00e9curit\u00e9 PH70422",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.12.0",
      "product": {
        "name": "WebSphere Automation",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.18",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-26007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
    },
    {
      "name": "CVE-2025-40064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2021-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2024-42316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
    },
    {
      "name": "CVE-2023-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
    },
    {
      "name": "CVE-2026-27205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
    },
    {
      "name": "CVE-2017-18342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18342"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
    },
    {
      "name": "CVE-2022-2255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2255"
    },
    {
      "name": "CVE-2019-20477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
    },
    {
      "name": "CVE-2022-48468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2024-43898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43898"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2021-44568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44568"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2021-33929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
    },
    {
      "name": "CVE-2021-23336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2024-5629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2021-46877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
    },
    {
      "name": "CVE-2021-42771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
    },
    {
      "name": "CVE-2025-71085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2021-33928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2024-27398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2019-11340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11340"
    },
    {
      "name": "CVE-2026-21860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2026-23074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2022-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2026-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
    },
    {
      "name": "CVE-2024-43823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
    },
    {
      "name": "CVE-2021-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
    },
    {
      "name": "CVE-2021-29921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2021-3426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
    },
    {
      "name": "CVE-2025-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
    },
    {
      "name": "CVE-2025-38129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2026-23001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2024-42294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42294"
    },
    {
      "name": "CVE-2021-33930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2020-27619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2025-8869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2021-20270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20270"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2024-46759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2024-36880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36880"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2024-43820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43820"
    },
    {
      "name": "CVE-2024-43821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-50067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    },
    {
      "name": "CVE-2025-14847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14847"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2024-42321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
    },
    {
      "name": "CVE-2024-52317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
    },
    {
      "name": "CVE-2026-23097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2019-7548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7548"
    },
    {
      "name": "CVE-2020-14422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14422"
    },
    {
      "name": "CVE-2024-52316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
    },
    {
      "name": "CVE-2021-33938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2021-43818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2025-68800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
    },
    {
      "name": "CVE-2021-27291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27291"
    },
    {
      "name": "CVE-2019-7164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7164"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2025-38248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    }
  ],
  "initial_release_date": "2026-04-03T00:00:00",
  "last_revision_date": "2026-04-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0395",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7268179",
      "url": "https://www.ibm.com/support/pages/node/7268179"
    },
    {
      "published_at": "2026-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7267689",
      "url": "https://www.ibm.com/support/pages/node/7267689"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7268331",
      "url": "https://www.ibm.com/support/pages/node/7268331"
    },
    {
      "published_at": "2026-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7267801",
      "url": "https://www.ibm.com/support/pages/node/7267801"
    }
  ]
}

alsa-2020:1605

Vulnerability from osv_almalinux

Published

2020-04-28 08:55

Modified

2020-04-28 08:55

Summary

Moderate: python27:2.7 security, bug fix, and enhancement update

Details

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944)

Security Fix(es):

python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)
python: Cookie domain check returns incorrect results (CVE-2018-20852)
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)
python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-1605.html	ADVISORY
	https://vulners.com/cve/CVE-2018-18074	REPORT
	https://vulners.com/cve/CVE-2018-20060	REPORT
	https://vulners.com/cve/CVE-2018-20852	REPORT
	https://vulners.com/cve/CVE-2019-11236	REPORT
	https://vulners.com/cve/CVE-2019-11324	REPORT
	https://vulners.com/cve/CVE-2019-16056	REPORT
	https://vulners.com/cve/CVE-2019-16935	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python-psycopg2-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-Cython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.28.1-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-PyMySQL"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0-10.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-attrs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.4.0-10.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-chardet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.4-10.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-coverage"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.1-4.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-dns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.0-10.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-docs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-docs-info"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-docutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14-12.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-funcsigs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.2-13.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-idna"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-ipaddress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.18-6.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-markupsafe"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23-19.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-mock"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0-13.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pluggy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0-8.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-psycopg2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-psycopg2-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-psycopg2-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-py"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.3-6.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pysocks"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.8-6.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pytest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.2-13.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pytest-mock"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0-4.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pytz"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2017.2-12.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-pyyaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12-16.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-requests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.20.0-3.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-rpm-macros"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3-38.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python2-setuptools_scm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.7-6.module_el8.6.0+2781+fed64c13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.\n\nThe following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944)\n\nSecurity Fix(es):\n\n* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)\n\n* python: Cookie domain check returns incorrect results (CVE-2018-20852)\n\n* python-urllib3: CRLF injection due to not encoding the \u0027\\r\\n\u0027 sequence leading to possible attack on internal service (CVE-2019-11236)\n\n* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)\n\n* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)\n\n* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:1605",
  "modified": "2020-04-28T08:55:52Z",
  "published": "2020-04-28T08:55:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-1605.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-18074"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-20060"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2018-20852"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11236"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11324"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-16056"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-16935"
    }
  ],
  "related": [
    "CVE-2018-20060",
    "CVE-2018-20852",
    "CVE-2019-11236",
    "CVE-2019-11324",
    "CVE-2019-16056",
    "CVE-2018-18074"
  ],
  "summary": "Moderate: python27:2.7 security, bug fix, and enhancement update"
}

BDU:2021-01443

Vulnerability from fstec - Published: 09.10.2018

Title

Уязвимость библиотеки HTTP запросов языка программирования Python Requests, связанная с недостатком механизма хранения регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Description

Уязвимость библиотеки HTTP запросов языка программирования Python Requests связана с недостатком механизма хранения регистрационных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Kenneth Reitz, Cory Benfield, Ian Stapleton Cordasco, Nate Prewitt

Software Name

Ubuntu, Debian GNU/Linux, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Requests

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 2.12 «Орёл» (Astra Linux Common Edition), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 2.20.0 (Requests)

Possible Mitigations

Использование рекомендаций: Для Requests: Обновление программного обеспечения до 2.20.0 или более поздней версии Для Debian: Обновление программного обеспечения (пакета requests) до 2.21.0-1 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета requests) до 2.21.0-1 или более поздней версии Для Ubuntu: https://usn.ubuntu.com/3790-1/ https://usn.ubuntu.com/3790-2/

Reference

http://docs.python-requests.org/en/master/community/updates/#release-and-version-history https://bugs.debian.org/910766 https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff https://github.com/requests/requests/issues/4716 https://nvd.nist.gov/vuln/detail/CVE-2018-18074 https://security-tracker.debian.org/tracker/CVE-2018-18074 https://usn.ubuntu.com/3790-1/ https://usn.ubuntu.com/3790-2/

CWE

CWE-522

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Kenneth Reitz, Cory Benfield, Ian Stapleton Cordasco, Nate Prewitt",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 2.20.0 (Requests)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Requests:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 2.20.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 requests) \u0434\u043e 2.21.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 requests) \u0434\u043e 2.21.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3790-1/\nhttps://usn.ubuntu.com/3790-2/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01443",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-18074",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Requests",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 HTTP \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python Requests, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-522)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 HTTP \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python Requests \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history\nhttps://bugs.debian.org/910766\nhttps://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff\nhttps://github.com/requests/requests/issues/4716\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18074\nhttps://security-tracker.debian.org/tracker/CVE-2018-18074\nhttps://usn.ubuntu.com/3790-1/\nhttps://usn.ubuntu.com/3790-2/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-522",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2018-26002

Vulnerability from cnvd - Published: 2018-12-20

Title

Requests package for Python信息泄露漏洞

Description

Requests package for Python是一款基于Python的开源HTTP库。 Requests package for Python 2.19.1及之前版本（2018-09-14之前发布）中存在安全漏洞，该漏洞源于程序在接收到从https转换到http的重定向请求（带有相同主机名）时，会将HTTP Authorization包头发送到http URI。远程攻击者可通过嗅探网络利用该漏洞获取凭证。

Severity

中

Patch Name

Requests package for Python信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Impacted products

Name
Requests package for Python Requests package for Python <=2.19.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18074",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074"
    }
  },
  "description": "Requests package for Python\u662f\u4e00\u6b3e\u57fa\u4e8ePython\u7684\u5f00\u6e90HTTP\u5e93\u3002\n\nRequests package for Python 2.19.1\u53ca\u4e4b\u524d\u7248\u672c\uff082018-09-14\u4e4b\u524d\u53d1\u5e03\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u63a5\u6536\u5230\u4ecehttps\u8f6c\u6362\u5230http\u7684\u91cd\u5b9a\u5411\u8bf7\u6c42\uff08\u5e26\u6709\u76f8\u540c\u4e3b\u673a\u540d\uff09\u65f6\uff0c\u4f1a\u5c06HTTP Authorization\u5305\u5934\u53d1\u9001\u5230http URI\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2\u7f51\u7edc\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u51ed\u8bc1\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-26002",
  "openTime": "2018-12-20",
  "patchDescription": "Requests package for Python\u662f\u4e00\u6b3e\u57fa\u4e8ePython\u7684\u5f00\u6e90HTTP\u5e93\u3002\r\n\r\nRequests package for Python 2.19.1\u53ca\u4e4b\u524d\u7248\u672c\uff082018-09-14\u4e4b\u524d\u53d1\u5e03\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u63a5\u6536\u5230\u4ecehttps\u8f6c\u6362\u5230http\u7684\u91cd\u5b9a\u5411\u8bf7\u6c42\uff08\u5e26\u6709\u76f8\u540c\u4e3b\u673a\u540d\uff09\u65f6\uff0c\u4f1a\u5c06HTTP Authorization\u5305\u5934\u53d1\u9001\u5230http URI\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2\u7f51\u7edc\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u51ed\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Requests package for Python\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Requests package for Python Requests package for Python \u003c=2.19.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-30",
  "title": "Requests package for Python\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2018-18074

Vulnerability from fkie_nvd - Published: 2018-10-09 17:29 - Updated: 2024-11-21 03:55

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://docs.python-requests.org/en/master/community/updates/#release-and-version-history	Release Notes, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html	Mailing List, Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:2035	Third Party Advisory
cve@mitre.org	https://bugs.debian.org/910766	Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff	Patch, Third Party Advisory
cve@mitre.org	https://github.com/requests/requests/issues/4716	Exploit, Patch, Third Party Advisory
cve@mitre.org	https://github.com/requests/requests/pull/4718	Patch, Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3790-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3790-2/	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108	http://docs.python-requests.org/en/master/community/updates/#release-and-version-history	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2035	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/910766	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/requests/requests/issues/4716	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/requests/requests/pull/4718	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3790-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3790-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html

Impacted products

Vendor	Product	Version
python	requests	*
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
opensuse	leap	15.1
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CFBA4E8-EE3D-413C-8175-43F7E42960CA",
              "versionEndExcluding": "2.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."
    },
    {
      "lang": "es",
      "value": "El paquete Requests antes de la versi\u00f3n 2.20.0 para Python env\u00eda una cabecera de autorizaci\u00f3n HTTP a un URI http al recibir una redirecci\u00f3n same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red."
    }
  ],
  "id": "CVE-2018-18074",
  "lastModified": "2024-11-21T03:55:26.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-09T17:29:01.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2035"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/910766"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/issues/4716"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/pull/4718"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3790-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3790-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/910766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/issues/4716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/requests/requests/pull/4718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3790-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3790-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X84V-XCM2-53PG

Vulnerability from github – Published: 2018-10-29 19:06 – Updated: 2024-10-21 21:26

Summary

Insufficiently Protected Credentials in Requests

Details

The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.19.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "requests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-18074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:02:40Z",
    "nvd_published_at": "2018-10-09T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
  "id": "GHSA-x84v-xcm2-53pg",
  "modified": "2024-10-21T21:26:17Z",
  "published": "2018-10-29T19:06:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/requests/requests/issues/4716"
    },
    {
      "type": "WEB",
      "url": "https://github.com/requests/requests/pull/4718"
    },
    {
      "type": "WEB",
      "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2035"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/910766"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/requests/requests"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3790-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3790-2"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficiently Protected Credentials in Requests"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-18074 (GCVE-0-2018-18074)

Solution

Solutions

Solution

Solutions

Solutions

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature