Lucene search
K

EulerOS Virtualization 2.9.0 : pyyaml (EulerOS-SA-2021-1755)

🗓️ 15 Apr 2021 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 42 Views

EulerOS Virtualization 2.9.0 : pyyaml vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
ALT Linux
Security fix for the ALT Linux 9 package python-module-yaml version 5.4.1-alt0.p9
22 Mar 202100:00
altlinux
IBM Security Bulletins
Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)
28 Mar 202216:33
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
12 Jan 202317:19
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]
11 Mar 202412:51
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities
15 Dec 202314:31
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)
4 Dec 202006:02
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
18 Aug 202504:31
ibm
IBM Security Bulletins
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
1 Apr 202216:38
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2020-14343]
26 Apr 202520:00
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
9 Oct 202020:01
ibm
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(148591);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/02");

  script_cve_id("CVE-2020-14343");
  script_xref(name:"IAVA", value:"2021-A-0463");

  script_name(english:"EulerOS Virtualization 2.9.0 : pyyaml (EulerOS-SA-2021-1755)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the pyyaml package installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :

  - A vulnerability was discovered in the PyYAML library in
    versions before 5.4, where it is susceptible to
    arbitrary code execution when it processes untrusted
    YAML files through the full_load method or with the
    FullLoader loader. Applications that use the library to
    process untrusted input may be vulnerable to this flaw.
    This flaw allows an attacker to execute arbitrary code
    on the system by abusing the python/object/new
    constructor. This flaw is due to an incomplete fix for
    CVE-2020-1747.(CVE-2020-14343)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1755
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12e9efce");
  script_set_attribute(attribute:"solution", value:
"Update the affected pyyaml package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14343");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-pyyaml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["python3-pyyaml-5.3.1-1.h2.eulerosv2r9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pyyaml");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Dec 2025 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.19.8
CVSS 210
EPSS0.05984
42