Lucene search

K

[email protected]CVE-2018-20852

HistoryJul 13, 2019 - 9:15 p.m.

CVE-2018-20852

2019-07-1321:15:00

CWE-20

[email protected]

web.nvd.nist.gov

736

cve-2018-20852

security

python

cookie theft

vulnerability

nvd

http.cookiejar defaultpolicy

domain_return_ok

lib

http

cookiejar

python

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

CPENameOperatorVersion
python:pythonpythonle2.7.16
python:pythonpythonlt3.7.3
python:pythonpythonlt3.6.9
python:pythonpythonlt3.5.7
python:pythonpythonlt3.4.10

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

access.redhat.com/errata/RHSA-2019:3725

access.redhat.com/errata/RHSA-2019:3948

bugs.python.org/issue35121

lists.debian.org/debian-lts-announce/2019/08/msg00022.html

lists.debian.org/debian-lts-announce/2019/08/msg00040.html

lists.debian.org/debian-lts-announce/2020/07/msg00011.html

lists.debian.org/debian-lts-announce/2020/08/msg00034.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/

python-security.readthedocs.io/vuln/cookie-domain-check.html

security.gentoo.org/glsa/202003-26

usn.ubuntu.com/4127-1/

usn.ubuntu.com/4127-2/

www.oracle.com/security-alerts/cpuapr2020.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

Related for CVE-2018-20852

nessus62 oraclelinux8 osv7 veracode1 debiancve1 redhatcve1 openvas21 debian4 ibm5 suse3 prion1 ubuntucve1 amazon2 redhat8 centos2 fedora6 cloudlinux2 photon6 almalinux1 gentoo1 rocky1 ubuntu2 cloudfoundry1 oracle1