PYSEC-2023-243
Vulnerability from pysec - Published: 2023-11-16 18:15 - Updated: 2024-10-09 12:05
Details
Missing SSL/TLS certificate validation in localstack v2.3.2 allows a network attacker positioned between the host and the server it connects to (man-in-the-middle) to read that traffic; the CVSS vector below also rates integrity impact High, so the traffic can be altered, not just eavesdropped on. Note that the affected range in this record is open-ended (introduced at 0 with no "fixed" event) and the enumerated versions extend well past 2.3.2, so no fixed version is recorded here, and the only reference is a third-party write-up rather than an upstream advisory — confirm the remediation status against the upstream project before treating any later release as safe.
Severity
7.4 (High) — CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (network-reachable, high attack complexity reflecting the need for a man-in-the-middle position, no privileges or user interaction, high confidentiality and integrity impact, no availability impact)
Impacted products
| Name | purl |
|---|---|
| localstack | pkg:pypi/localstack |
Aliases: CVE-2023-48054
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "localstack",
"purl": "pkg:pypi/localstack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1",
"0.1.10",
"0.1.11",
"0.1.12",
"0.1.13",
"0.1.14",
"0.1.15",
"0.1.17",
"0.1.18",
"0.1.5",
"0.1.6",
"0.1.7",
"0.1.8",
"0.1.9",
"0.10.0",
"0.10.1",
"0.10.1.1",
"0.10.1.2",
"0.10.1.3",
"0.10.1.4",
"0.10.2",
"0.10.2.1",
"0.10.2.2",
"0.10.2.3",
"0.10.2.4",
"0.10.2.5",
"0.10.3",
"0.10.3.1",
"0.10.3.2",
"0.10.4",
"0.10.4.1",
"0.10.4.2",
"0.10.5",
"0.10.6",
"0.10.7",
"0.10.8",
"0.11.0",
"0.11.0.1",
"0.11.0.2",
"0.11.0.3",
"0.11.0.4",
"0.11.0.5",
"0.11.1",
"0.11.1.1",
"0.11.2",
"0.11.3",
"0.11.3.1",
"0.11.3.2",
"0.11.3.3",
"0.11.4",
"0.11.5",
"0.11.6",
"0.12.0",
"0.12.1",
"0.12.10",
"0.12.11",
"0.12.12",
"0.12.13",
"0.12.13.1",
"0.12.14",
"0.12.15",
"0.12.15.1",
"0.12.16",
"0.12.16.1",
"0.12.16.2",
"0.12.17",
"0.12.17.1",
"0.12.17.2",
"0.12.17.3",
"0.12.17.4",
"0.12.17.5",
"0.12.18",
"0.12.18.1",
"0.12.18.2",
"0.12.18.3",
"0.12.18.4",
"0.12.18.5",
"0.12.19",
"0.12.19.1",
"0.12.19.2",
"0.12.19.3",
"0.12.19.4",
"0.12.2",
"0.12.20",
"0.12.3",
"0.12.4",
"0.12.5",
"0.12.6",
"0.12.6.1",
"0.12.7",
"0.12.8",
"0.12.9",
"0.12.9.1",
"0.13.0",
"0.13.0.1",
"0.13.0.10",
"0.13.0.11",
"0.13.0.2",
"0.13.0.3",
"0.13.0.4",
"0.13.0.5",
"0.13.0.6",
"0.13.0.7",
"0.13.0.8",
"0.13.0.9",
"0.13.1",
"0.13.1.1",
"0.13.1.2",
"0.13.2",
"0.13.2.1",
"0.13.3",
"0.13.3.1",
"0.13.3.2",
"0.13.3.3",
"0.13.3.4",
"0.13.3.5",
"0.13.3.6",
"0.14.0",
"0.14.0.1",
"0.14.0.10",
"0.14.0.2",
"0.14.0.3",
"0.14.0.4",
"0.14.0.5",
"0.14.0.6",
"0.14.0.7",
"0.14.0.8",
"0.14.0.9",
"0.14.1",
"0.14.1.1",
"0.14.1.2",
"0.14.1.3",
"0.14.2",
"0.14.2.1",
"0.14.2.10",
"0.14.2.11",
"0.14.2.2",
"0.14.2.3",
"0.14.2.4",
"0.14.2.5",
"0.14.2.6",
"0.14.2.7",
"0.14.2.8",
"0.14.2.9",
"0.14.3",
"0.14.3.1",
"0.14.3.2",
"0.14.3.3",
"0.14.3.4",
"0.14.3.5",
"0.14.3.6",
"0.14.4",
"0.14.5",
"0.2.0",
"0.2.1",
"0.2.10",
"0.2.11",
"0.2.2",
"0.2.3",
"0.2.4",
"0.2.5",
"0.2.6",
"0.2.7",
"0.2.8",
"0.2.9",
"0.3.0",
"0.3.10",
"0.3.11",
"0.3.2",
"0.3.3",
"0.3.4",
"0.3.5",
"0.3.6",
"0.3.7",
"0.3.8",
"0.3.9",
"0.4.0",
"0.4.1",
"0.4.2",
"0.4.3",
"0.5.0",
"0.5.1",
"0.5.2",
"0.5.2.1",
"0.5.2.2",
"0.5.2.3",
"0.5.3",
"0.5.3.1",
"0.5.4",
"0.5.5",
"0.6.0.1",
"0.6.0.2",
"0.6.1",
"0.6.1.1",
"0.7.0",
"0.7.1",
"0.7.2",
"0.7.3",
"0.7.4",
"0.7.4.1",
"0.7.4.2",
"0.7.4.3",
"0.7.5",
"0.8.0",
"0.8.1",
"0.8.10",
"0.8.2",
"0.8.3",
"0.8.4",
"0.8.5",
"0.8.6",
"0.8.6.1",
"0.8.6.2",
"0.8.7",
"0.8.8",
"0.8.9",
"0.9.0",
"0.9.1",
"0.9.2",
"0.9.4",
"0.9.5",
"0.9.6",
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.1.0",
"1.2.0",
"1.3.0",
"1.3.1",
"1.3.1.dev20221207092718",
"1.3.1.dev20221208144623",
"1.3.2.dev20221219124041",
"1.3.2.dev20230104092258",
"1.3.2.dev20230111091637",
"1.3.2.dev20230116082152",
"1.3.2.dev20230123090109",
"1.3.2.dev20230123214937",
"1.3.2.dev20230204140326",
"1.3.2.dev20230204140327",
"1.3.2.dev20230206202801",
"1.4.0",
"1.4.0.dev1",
"1.4.0.dev20230211183227",
"1.4.1.dev20230214124715",
"1.4.1.dev20230214162849",
"1.4.1.dev20230215143756",
"1.4.1.dev20230215215857",
"1.4.1.dev20230215233822",
"1.4.1.dev20230220091228",
"1.4.1.dev20230221142230",
"1.4.1.dev20230221181016",
"1.4.1.dev20230227100713",
"1.4.1.dev20230227122659",
"1.4.1.dev20230228121159",
"1.4.1.dev20230228153910",
"1.4.1.dev20230228165600",
"1.4.1.dev20230228191548",
"1.4.1.dev20230228201659",
"1.4.1.dev20230301120556",
"1.4.1.dev20230301143008",
"1.4.1.dev20230302141202",
"1.4.1.dev20230302172423",
"1.4.1.dev20230302214333",
"1.4.1.dev20230306122035",
"1.4.1.dev20230306184751",
"1.4.1.dev20230306202231",
"1.4.1.dev20230307094505",
"1.4.1.dev20230307143506",
"1.4.1.dev20230309160820",
"1.4.1.dev20230309223540",
"1.4.1.dev20230311163149",
"1.4.1.dev20230311211518",
"1.4.1.dev20230312125929",
"1.4.1.dev20230312163603",
"1.4.1.dev20230312230254",
"1.4.1.dev20230313075537",
"1.4.1.dev20230313111050",
"1.4.1.dev20230313203914",
"1.4.1.dev20230314103021",
"1.4.1.dev20230314152116",
"1.4.1.dev20230314222630",
"1.4.1.dev20230315082709",
"1.4.1.dev20230315122031",
"1.4.1.dev20230315151741",
"1.4.1.dev20230315213450",
"1.4.1.dev20230315213523",
"1.4.1.dev20230315213526",
"1.4.1.dev20230316110724",
"1.4.1.dev20230316145113",
"1.4.1.dev20230316165503",
"1.4.1.dev20230316173106",
"1.4.1.dev20230317001446",
"1.4.1.dev20230317162916",
"1.4.1.dev20230317211957",
"1.4.1.dev20230318000729",
"1.4.1.dev20230319154304",
"1.4.1.dev20230320072715",
"1.4.1.dev20230320115709",
"1.4.1.dev20230320190736",
"1.4.1.dev20230320193711",
"1.4.1.dev20230321152751",
"1.4.1.dev20230321182210",
"1.4.1.dev20230321184038",
"1.4.1.dev20230321204209",
"1.4.1.dev20230321210147",
"1.4.1.dev20230321212802",
"1.4.1.dev20230322123811",
"1.4.1.dev20230322164127",
"1.4.1.dev20230322164919",
"1.4.1.dev20230322192706",
"1.4.1.dev20230322193941",
"1.4.1.dev20230323084710",
"1.4.1.dev20230323123259",
"2.0.0",
"2.0.0.dev20230324141211",
"2.0.0.dev20230329104442",
"2.0.0.dev20230329200602",
"2.0.0.dev20230330122648",
"2.0.0.post1",
"2.0.1",
"2.0.1.dev20230331110744",
"2.0.2",
"2.0.3.dev20230516084829",
"2.0.3.dev20230523065743",
"2.1.0",
"2.1.1.dev20230605083031",
"2.1.1.dev20230621080533",
"2.1.1.dev20230708135750",
"2.2.0",
"2.2.1.dev20230805180111",
"2.2.1.dev20230808110233",
"2.2.1.dev20230810214345",
"2.2.1.dev20230812232603",
"2.2.1.dev20230901192724",
"2.2.1.dev20230906090453",
"2.2.1.dev20230915092530",
"2.2.1.dev20230915133353",
"2.2.1.dev20230919235829",
"2.3.0",
"2.3.1",
"2.3.2",
"2.3.3.dev20231017221844",
"2.3.3.dev20231115131756",
"2.3.3.dev20231116102714",
"3.0.0",
"3.0.0.post1",
"3.0.0.post2",
"3.0.0.post3",
"3.0.0.post4",
"3.0.1",
"3.0.2.dev20231126120730",
"3.0.2",
"3.0.3.dev20240104104007",
"3.0.3.dev20240104111550",
"3.0.3.dev20240125101425",
"3.1.0",
"3.1.1.dev20240205105529",
"3.1.1.dev20240228030630",
"3.2.0",
"3.2.1.dev20240325141649",
"3.2.1.dev20240325164039",
"3.2.1.dev20240327073347",
"3.2.1.dev20240327140239",
"3.2.1.dev20240328125316",
"3.3.0",
"3.3.1.dev20240419073811",
"3.3.1.dev20240424163921",
"3.4.0",
"3.4.1.dev20240612220525",
"3.4.1.dev20240613052142",
"3.5.0",
"3.5.1.dev20240717113316",
"3.5.1.dev20240718085020",
"3.5.1.dev20240718105800",
"3.5.1.dev20240719061349",
"3.5.1.dev20240724124129",
"3.5.1.dev20240725060804",
"3.6.0",
"3.6.1.dev20240726125140",
"3.6.1.dev121",
"3.6.1.dev131",
"3.7.0",
"3.7.1.dev1",
"3.7.1",
"3.7.2.dev1",
"3.7.2",
"3.7.3.dev1",
"3.7.3.dev55",
"3.7.3.dev92",
"3.7.3.dev93",
"3.8.0",
"3.8.1.dev1",
"3.8.1",
"3.8.2.dev1",
"3.8.2.dev11"
]
}
],
"aliases": [
"CVE-2023-48054"
],
"details": "Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.",
"id": "PYSEC-2023-243",
"modified": "2024-10-09T12:05:48.156835Z",
"published": "2023-11-16T18:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}