pysec-2023-243
Vulnerability from pysec
Published
2023-11-16 18:15
Modified
2024-10-09 12:05
Severity ?
Details
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "localstack", "purl": "pkg:pypi/localstack" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.0.1", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.14", "0.1.15", "0.1.17", "0.1.18", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.10.0", "0.10.1", "0.10.1.1", "0.10.1.2", "0.10.1.3", "0.10.1.4", "0.10.2", "0.10.2.1", "0.10.2.2", "0.10.2.3", "0.10.2.4", "0.10.2.5", "0.10.3", "0.10.3.1", "0.10.3.2", "0.10.4", "0.10.4.1", "0.10.4.2", "0.10.5", "0.10.6", "0.10.7", "0.10.8", "0.11.0", "0.11.0.1", "0.11.0.2", "0.11.0.3", "0.11.0.4", "0.11.0.5", "0.11.1", "0.11.1.1", "0.11.2", "0.11.3", "0.11.3.1", "0.11.3.2", "0.11.3.3", "0.11.4", "0.11.5", "0.11.6", "0.12.0", "0.12.1", "0.12.10", "0.12.11", "0.12.12", "0.12.13", "0.12.13.1", "0.12.14", "0.12.15", "0.12.15.1", "0.12.16", "0.12.16.1", "0.12.16.2", "0.12.17", "0.12.17.1", "0.12.17.2", "0.12.17.3", "0.12.17.4", "0.12.17.5", "0.12.18", "0.12.18.1", "0.12.18.2", "0.12.18.3", "0.12.18.4", "0.12.18.5", "0.12.19", "0.12.19.1", "0.12.19.2", "0.12.19.3", "0.12.19.4", "0.12.2", "0.12.20", "0.12.3", "0.12.4", "0.12.5", "0.12.6", "0.12.6.1", "0.12.7", "0.12.8", "0.12.9", "0.12.9.1", "0.13.0", "0.13.0.1", "0.13.0.10", "0.13.0.11", "0.13.0.2", "0.13.0.3", "0.13.0.4", "0.13.0.5", "0.13.0.6", "0.13.0.7", "0.13.0.8", "0.13.0.9", "0.13.1", "0.13.1.1", "0.13.1.2", "0.13.2", "0.13.2.1", "0.13.3", "0.13.3.1", "0.13.3.2", "0.13.3.3", "0.13.3.4", "0.13.3.5", "0.13.3.6", "0.14.0", "0.14.0.1", "0.14.0.10", "0.14.0.2", "0.14.0.3", "0.14.0.4", "0.14.0.5", "0.14.0.6", "0.14.0.7", "0.14.0.8", "0.14.0.9", "0.14.1", "0.14.1.1", "0.14.1.2", "0.14.1.3", "0.14.2", "0.14.2.1", "0.14.2.10", "0.14.2.11", "0.14.2.2", "0.14.2.3", "0.14.2.4", "0.14.2.5", "0.14.2.6", "0.14.2.7", "0.14.2.8", "0.14.2.9", "0.14.3", "0.14.3.1", "0.14.3.2", "0.14.3.3", "0.14.3.4", "0.14.3.5", "0.14.3.6", "0.14.4", "0.14.5", "0.2.0", "0.2.1", "0.2.10", "0.2.11", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.3.0", "0.3.10", "0.3.11", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.5.0", "0.5.1", "0.5.2", "0.5.2.1", "0.5.2.2", "0.5.2.3", "0.5.3", "0.5.3.1", "0.5.4", "0.5.5", "0.6.0.1", "0.6.0.2", "0.6.1", "0.6.1.1", "0.7.0", "0.7.1", "0.7.2", "0.7.3", "0.7.4", "0.7.4.1", "0.7.4.2", "0.7.4.3", "0.7.5", "0.8.0", "0.8.1", "0.8.10", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.6.1", "0.8.6.2", "0.8.7", "0.8.8", "0.8.9", "0.9.0", "0.9.1", "0.9.2", "0.9.4", "0.9.5", "0.9.6", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.1.0", "1.2.0", "1.3.0", "1.3.1", "1.3.1.dev20221207092718", "1.3.1.dev20221208144623", "1.3.2.dev20221219124041", "1.3.2.dev20230104092258", "1.3.2.dev20230111091637", "1.3.2.dev20230116082152", "1.3.2.dev20230123090109", "1.3.2.dev20230123214937", "1.3.2.dev20230204140326", "1.3.2.dev20230204140327", "1.3.2.dev20230206202801", "1.4.0", "1.4.0.dev1", "1.4.0.dev20230211183227", "1.4.1.dev20230214124715", "1.4.1.dev20230214162849", "1.4.1.dev20230215143756", "1.4.1.dev20230215215857", "1.4.1.dev20230215233822", "1.4.1.dev20230220091228", "1.4.1.dev20230221142230", "1.4.1.dev20230221181016", "1.4.1.dev20230227100713", "1.4.1.dev20230227122659", "1.4.1.dev20230228121159", "1.4.1.dev20230228153910", "1.4.1.dev20230228165600", "1.4.1.dev20230228191548", "1.4.1.dev20230228201659", "1.4.1.dev20230301120556", "1.4.1.dev20230301143008", "1.4.1.dev20230302141202", "1.4.1.dev20230302172423", "1.4.1.dev20230302214333", "1.4.1.dev20230306122035", "1.4.1.dev20230306184751", "1.4.1.dev20230306202231", "1.4.1.dev20230307094505", "1.4.1.dev20230307143506", "1.4.1.dev20230309160820", "1.4.1.dev20230309223540", "1.4.1.dev20230311163149", "1.4.1.dev20230311211518", "1.4.1.dev20230312125929", "1.4.1.dev20230312163603", "1.4.1.dev20230312230254", "1.4.1.dev20230313075537", "1.4.1.dev20230313111050", "1.4.1.dev20230313203914", "1.4.1.dev20230314103021", "1.4.1.dev20230314152116", "1.4.1.dev20230314222630", "1.4.1.dev20230315082709", "1.4.1.dev20230315122031", "1.4.1.dev20230315151741", "1.4.1.dev20230315213450", "1.4.1.dev20230315213523", "1.4.1.dev20230315213526", "1.4.1.dev20230316110724", "1.4.1.dev20230316145113", "1.4.1.dev20230316165503", "1.4.1.dev20230316173106", "1.4.1.dev20230317001446", "1.4.1.dev20230317162916", "1.4.1.dev20230317211957", "1.4.1.dev20230318000729", "1.4.1.dev20230319154304", "1.4.1.dev20230320072715", "1.4.1.dev20230320115709", "1.4.1.dev20230320190736", "1.4.1.dev20230320193711", "1.4.1.dev20230321152751", "1.4.1.dev20230321182210", "1.4.1.dev20230321184038", "1.4.1.dev20230321204209", "1.4.1.dev20230321210147", "1.4.1.dev20230321212802", "1.4.1.dev20230322123811", "1.4.1.dev20230322164127", "1.4.1.dev20230322164919", "1.4.1.dev20230322192706", "1.4.1.dev20230322193941", "1.4.1.dev20230323084710", "1.4.1.dev20230323123259", "2.0.0", "2.0.0.dev20230324141211", "2.0.0.dev20230329104442", "2.0.0.dev20230329200602", "2.0.0.dev20230330122648", "2.0.0.post1", "2.0.1", "2.0.1.dev20230331110744", "2.0.2", "2.0.3.dev20230516084829", "2.0.3.dev20230523065743", "2.1.0", "2.1.1.dev20230605083031", "2.1.1.dev20230621080533", "2.1.1.dev20230708135750", "2.2.0", "2.2.1.dev20230805180111", "2.2.1.dev20230808110233", "2.2.1.dev20230810214345", "2.2.1.dev20230812232603", "2.2.1.dev20230901192724", "2.2.1.dev20230906090453", "2.2.1.dev20230915092530", "2.2.1.dev20230915133353", "2.2.1.dev20230919235829", "2.3.0", "2.3.1", "2.3.2", "2.3.3.dev20231017221844", "2.3.3.dev20231115131756", "2.3.3.dev20231116102714", "3.0.0", "3.0.0.post1", "3.0.0.post2", "3.0.0.post3", "3.0.0.post4", "3.0.1", "3.0.2.dev20231126120730", "3.0.2", "3.0.3.dev20240104104007", "3.0.3.dev20240104111550", "3.0.3.dev20240125101425", "3.1.0", "3.1.1.dev20240205105529", "3.1.1.dev20240228030630", "3.2.0", "3.2.1.dev20240325141649", "3.2.1.dev20240325164039", "3.2.1.dev20240327073347", "3.2.1.dev20240327140239", "3.2.1.dev20240328125316", "3.3.0", "3.3.1.dev20240419073811", "3.3.1.dev20240424163921", "3.4.0", "3.4.1.dev20240612220525", "3.4.1.dev20240613052142", "3.5.0", "3.5.1.dev20240717113316", "3.5.1.dev20240718085020", "3.5.1.dev20240718105800", "3.5.1.dev20240719061349", "3.5.1.dev20240724124129", "3.5.1.dev20240725060804", "3.6.0", "3.6.1.dev20240726125140", "3.6.1.dev121", "3.6.1.dev131", "3.7.0", "3.7.1.dev1", "3.7.1", "3.7.2.dev1", "3.7.2", "3.7.3.dev1", "3.7.3.dev55", "3.7.3.dev92", "3.7.3.dev93", "3.8.0", "3.8.1.dev1", "3.8.1", "3.8.2.dev1", "3.8.2.dev11" ] } ], "aliases": [ "CVE-2023-48054" ], "details": "Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.", "id": "PYSEC-2023-243", "modified": "2024-10-09T12:05:48.156835Z", "published": "2023-11-16T18:15:00Z", "references": [ { "type": "WEB", "url": "https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.