pysec-2023-243
Vulnerability from pysec
Published
2023-11-16 18:15
Modified
2024-10-09 12:05
Details

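Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. The description names only v2.3.2, but the affected range in the record below starts at "introduced": "0" and carries no "fixed" event, so the record identifies no fixed version and version-matching tools will flag every listed release (through 3.8.2.dev11). The CVSS vector rates integrity impact as High (I:H) alongside confidentiality (C:H), so the exposure covers tampering with the traffic as well as eavesdropping.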

Aliases

CVE-2023-48054

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "localstack",
        "purl": "pkg:pypi/localstack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1",
        "0.1.10",
        "0.1.11",
        "0.1.12",
        "0.1.13",
        "0.1.14",
        "0.1.15",
        "0.1.17",
        "0.1.18",
        "0.1.5",
        "0.1.6",
        "0.1.7",
        "0.1.8",
        "0.1.9",
        "0.10.0",
        "0.10.1",
        "0.10.1.1",
        "0.10.1.2",
        "0.10.1.3",
        "0.10.1.4",
        "0.10.2",
        "0.10.2.1",
        "0.10.2.2",
        "0.10.2.3",
        "0.10.2.4",
        "0.10.2.5",
        "0.10.3",
        "0.10.3.1",
        "0.10.3.2",
        "0.10.4",
        "0.10.4.1",
        "0.10.4.2",
        "0.10.5",
        "0.10.6",
        "0.10.7",
        "0.10.8",
        "0.11.0",
        "0.11.0.1",
        "0.11.0.2",
        "0.11.0.3",
        "0.11.0.4",
        "0.11.0.5",
        "0.11.1",
        "0.11.1.1",
        "0.11.2",
        "0.11.3",
        "0.11.3.1",
        "0.11.3.2",
        "0.11.3.3",
        "0.11.4",
        "0.11.5",
        "0.11.6",
        "0.12.0",
        "0.12.1",
        "0.12.10",
        "0.12.11",
        "0.12.12",
        "0.12.13",
        "0.12.13.1",
        "0.12.14",
        "0.12.15",
        "0.12.15.1",
        "0.12.16",
        "0.12.16.1",
        "0.12.16.2",
        "0.12.17",
        "0.12.17.1",
        "0.12.17.2",
        "0.12.17.3",
        "0.12.17.4",
        "0.12.17.5",
        "0.12.18",
        "0.12.18.1",
        "0.12.18.2",
        "0.12.18.3",
        "0.12.18.4",
        "0.12.18.5",
        "0.12.19",
        "0.12.19.1",
        "0.12.19.2",
        "0.12.19.3",
        "0.12.19.4",
        "0.12.2",
        "0.12.20",
        "0.12.3",
        "0.12.4",
        "0.12.5",
        "0.12.6",
        "0.12.6.1",
        "0.12.7",
        "0.12.8",
        "0.12.9",
        "0.12.9.1",
        "0.13.0",
        "0.13.0.1",
        "0.13.0.10",
        "0.13.0.11",
        "0.13.0.2",
        "0.13.0.3",
        "0.13.0.4",
        "0.13.0.5",
        "0.13.0.6",
        "0.13.0.7",
        "0.13.0.8",
        "0.13.0.9",
        "0.13.1",
        "0.13.1.1",
        "0.13.1.2",
        "0.13.2",
        "0.13.2.1",
        "0.13.3",
        "0.13.3.1",
        "0.13.3.2",
        "0.13.3.3",
        "0.13.3.4",
        "0.13.3.5",
        "0.13.3.6",
        "0.14.0",
        "0.14.0.1",
        "0.14.0.10",
        "0.14.0.2",
        "0.14.0.3",
        "0.14.0.4",
        "0.14.0.5",
        "0.14.0.6",
        "0.14.0.7",
        "0.14.0.8",
        "0.14.0.9",
        "0.14.1",
        "0.14.1.1",
        "0.14.1.2",
        "0.14.1.3",
        "0.14.2",
        "0.14.2.1",
        "0.14.2.10",
        "0.14.2.11",
        "0.14.2.2",
        "0.14.2.3",
        "0.14.2.4",
        "0.14.2.5",
        "0.14.2.6",
        "0.14.2.7",
        "0.14.2.8",
        "0.14.2.9",
        "0.14.3",
        "0.14.3.1",
        "0.14.3.2",
        "0.14.3.3",
        "0.14.3.4",
        "0.14.3.5",
        "0.14.3.6",
        "0.14.4",
        "0.14.5",
        "0.2.0",
        "0.2.1",
        "0.2.10",
        "0.2.11",
        "0.2.2",
        "0.2.3",
        "0.2.4",
        "0.2.5",
        "0.2.6",
        "0.2.7",
        "0.2.8",
        "0.2.9",
        "0.3.0",
        "0.3.10",
        "0.3.11",
        "0.3.2",
        "0.3.3",
        "0.3.4",
        "0.3.5",
        "0.3.6",
        "0.3.7",
        "0.3.8",
        "0.3.9",
        "0.4.0",
        "0.4.1",
        "0.4.2",
        "0.4.3",
        "0.5.0",
        "0.5.1",
        "0.5.2",
        "0.5.2.1",
        "0.5.2.2",
        "0.5.2.3",
        "0.5.3",
        "0.5.3.1",
        "0.5.4",
        "0.5.5",
        "0.6.0.1",
        "0.6.0.2",
        "0.6.1",
        "0.6.1.1",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.4.1",
        "0.7.4.2",
        "0.7.4.3",
        "0.7.5",
        "0.8.0",
        "0.8.1",
        "0.8.10",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.8.5",
        "0.8.6",
        "0.8.6.1",
        "0.8.6.2",
        "0.8.7",
        "0.8.8",
        "0.8.9",
        "0.9.0",
        "0.9.1",
        "0.9.2",
        "0.9.4",
        "0.9.5",
        "0.9.6",
        "1.0.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.1.0",
        "1.2.0",
        "1.3.0",
        "1.3.1",
        "1.3.1.dev20221207092718",
        "1.3.1.dev20221208144623",
        "1.3.2.dev20221219124041",
        "1.3.2.dev20230104092258",
        "1.3.2.dev20230111091637",
        "1.3.2.dev20230116082152",
        "1.3.2.dev20230123090109",
        "1.3.2.dev20230123214937",
        "1.3.2.dev20230204140326",
        "1.3.2.dev20230204140327",
        "1.3.2.dev20230206202801",
        "1.4.0",
        "1.4.0.dev1",
        "1.4.0.dev20230211183227",
        "1.4.1.dev20230214124715",
        "1.4.1.dev20230214162849",
        "1.4.1.dev20230215143756",
        "1.4.1.dev20230215215857",
        "1.4.1.dev20230215233822",
        "1.4.1.dev20230220091228",
        "1.4.1.dev20230221142230",
        "1.4.1.dev20230221181016",
        "1.4.1.dev20230227100713",
        "1.4.1.dev20230227122659",
        "1.4.1.dev20230228121159",
        "1.4.1.dev20230228153910",
        "1.4.1.dev20230228165600",
        "1.4.1.dev20230228191548",
        "1.4.1.dev20230228201659",
        "1.4.1.dev20230301120556",
        "1.4.1.dev20230301143008",
        "1.4.1.dev20230302141202",
        "1.4.1.dev20230302172423",
        "1.4.1.dev20230302214333",
        "1.4.1.dev20230306122035",
        "1.4.1.dev20230306184751",
        "1.4.1.dev20230306202231",
        "1.4.1.dev20230307094505",
        "1.4.1.dev20230307143506",
        "1.4.1.dev20230309160820",
        "1.4.1.dev20230309223540",
        "1.4.1.dev20230311163149",
        "1.4.1.dev20230311211518",
        "1.4.1.dev20230312125929",
        "1.4.1.dev20230312163603",
        "1.4.1.dev20230312230254",
        "1.4.1.dev20230313075537",
        "1.4.1.dev20230313111050",
        "1.4.1.dev20230313203914",
        "1.4.1.dev20230314103021",
        "1.4.1.dev20230314152116",
        "1.4.1.dev20230314222630",
        "1.4.1.dev20230315082709",
        "1.4.1.dev20230315122031",
        "1.4.1.dev20230315151741",
        "1.4.1.dev20230315213450",
        "1.4.1.dev20230315213523",
        "1.4.1.dev20230315213526",
        "1.4.1.dev20230316110724",
        "1.4.1.dev20230316145113",
        "1.4.1.dev20230316165503",
        "1.4.1.dev20230316173106",
        "1.4.1.dev20230317001446",
        "1.4.1.dev20230317162916",
        "1.4.1.dev20230317211957",
        "1.4.1.dev20230318000729",
        "1.4.1.dev20230319154304",
        "1.4.1.dev20230320072715",
        "1.4.1.dev20230320115709",
        "1.4.1.dev20230320190736",
        "1.4.1.dev20230320193711",
        "1.4.1.dev20230321152751",
        "1.4.1.dev20230321182210",
        "1.4.1.dev20230321184038",
        "1.4.1.dev20230321204209",
        "1.4.1.dev20230321210147",
        "1.4.1.dev20230321212802",
        "1.4.1.dev20230322123811",
        "1.4.1.dev20230322164127",
        "1.4.1.dev20230322164919",
        "1.4.1.dev20230322192706",
        "1.4.1.dev20230322193941",
        "1.4.1.dev20230323084710",
        "1.4.1.dev20230323123259",
        "2.0.0",
        "2.0.0.dev20230324141211",
        "2.0.0.dev20230329104442",
        "2.0.0.dev20230329200602",
        "2.0.0.dev20230330122648",
        "2.0.0.post1",
        "2.0.1",
        "2.0.1.dev20230331110744",
        "2.0.2",
        "2.0.3.dev20230516084829",
        "2.0.3.dev20230523065743",
        "2.1.0",
        "2.1.1.dev20230605083031",
        "2.1.1.dev20230621080533",
        "2.1.1.dev20230708135750",
        "2.2.0",
        "2.2.1.dev20230805180111",
        "2.2.1.dev20230808110233",
        "2.2.1.dev20230810214345",
        "2.2.1.dev20230812232603",
        "2.2.1.dev20230901192724",
        "2.2.1.dev20230906090453",
        "2.2.1.dev20230915092530",
        "2.2.1.dev20230915133353",
        "2.2.1.dev20230919235829",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3.dev20231017221844",
        "2.3.3.dev20231115131756",
        "2.3.3.dev20231116102714",
        "3.0.0",
        "3.0.0.post1",
        "3.0.0.post2",
        "3.0.0.post3",
        "3.0.0.post4",
        "3.0.1",
        "3.0.2.dev20231126120730",
        "3.0.2",
        "3.0.3.dev20240104104007",
        "3.0.3.dev20240104111550",
        "3.0.3.dev20240125101425",
        "3.1.0",
        "3.1.1.dev20240205105529",
        "3.1.1.dev20240228030630",
        "3.2.0",
        "3.2.1.dev20240325141649",
        "3.2.1.dev20240325164039",
        "3.2.1.dev20240327073347",
        "3.2.1.dev20240327140239",
        "3.2.1.dev20240328125316",
        "3.3.0",
        "3.3.1.dev20240419073811",
        "3.3.1.dev20240424163921",
        "3.4.0",
        "3.4.1.dev20240612220525",
        "3.4.1.dev20240613052142",
        "3.5.0",
        "3.5.1.dev20240717113316",
        "3.5.1.dev20240718085020",
        "3.5.1.dev20240718105800",
        "3.5.1.dev20240719061349",
        "3.5.1.dev20240724124129",
        "3.5.1.dev20240725060804",
        "3.6.0",
        "3.6.1.dev20240726125140",
        "3.6.1.dev121",
        "3.6.1.dev131",
        "3.7.0",
        "3.7.1.dev1",
        "3.7.1",
        "3.7.2.dev1",
        "3.7.2",
        "3.7.3.dev1",
        "3.7.3.dev55",
        "3.7.3.dev92",
        "3.7.3.dev93",
        "3.8.0",
        "3.8.1.dev1",
        "3.8.1",
        "3.8.2.dev1",
        "3.8.2.dev11"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-48054"
  ],
  "details": "Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.",
  "id": "PYSEC-2023-243",
  "modified": "2024-10-09T12:05:48.156835Z",
  "published": "2023-11-16T18:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.