Lucene search
K

EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2026-1079)

🗓️ 15 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

EulerOS python-pip has server side request forgery risks in urllib3 redirects, header leakage in Requests, and tar extraction symlink risks.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a URL Redirection to Untrusted Site ('Open Redirect') in urllib3 [CVE-2025-50181, CVE-2025-50182]
27 Feb 202615:59
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
13 Mar 202616:55
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs.
7 Apr 202519:17
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
10 Mar 202620:52
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
26 Mar 202504:03
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
6 May 202519:09
ibm
IBM Security Bulletins
Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-32681)
26 Jan 202421:53
ibm
IBM Security Bulletins
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
27 Sep 202313:24
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator
28 Aug 202308:17
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
30 Nov 202318:45
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(284735);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/15");

  script_cve_id("CVE-2023-32681", "CVE-2025-8869", "CVE-2025-50181");

  script_name(english:"EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2026-1079)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected
by the following vulnerabilities :

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable
    redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable
    redirects. By default, requests and botocore users are not affected. An application attempting to mitigate
    SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain
    vulnerable. This issue has been patched in version 2.5.0.(CVE-2025-50181)

    Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to
    destination servers when redirected to an HTTPS endpoint. This is a product of how we use
    `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent
    through the tunnel, the proxy will identify the header in the request itself and remove it prior to
    forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must
    be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in
    Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious
    actor to potentially exfiltrate sensitive information. This issue has been patched in version
    2.31.0.(CVE-2023-32681)

    When extracting a tar archive pip may not check symbolic links point into the extraction directory if the
    tarfile module doesn't implement PEP 706.
    Note that upgrading pip to a 'fixed' version for this vulnerability doesn't fix all known vulnerabilities
    that are remediated by using a Python version that implements PEP 706.

    Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions
    that don't implement PEP 706
    and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a
    Python version that implements PEP 706
    then pip doesn't use the 'vulnerable' fallback code.

    Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version
    that implements PEP 706 (Python =3.9.17, =3.10.12, =3.11.4, or =3.12),
    applying the linked patch, or inspecting source distributions (sdists) before installation as is already a
    best-practice.(CVE-2025-8869)

Tenable has extracted the preceding description block directly from the EulerOS python-pip security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-1079
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?286c7cc6");
  script_set_attribute(attribute:"solution", value:
"Update the affected python-pip packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-50181");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-8869");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-pip-wheel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-pip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(12)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);

var flag = 0;

var pkgs = [
  "python-pip-wheel-21.3.1-2.h7.eulerosv2r12",
  "python3-pip-21.3.1-2.h7.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"12", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-pip");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Jan 2026 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.16.1
CVSS 45.9
EPSS0.02782
SSVC
4