Lucene search
K

Linux Distros Unpatched Vulnerability : CVE-2023-30861

🗓️ 05 Mar 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

Linux hosts with unpatched vulnerability CVE-2023-30861 affecting Flask session cookie handling.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [ CVE-2023-30861]
4 Mar 202509:04
ibm
IBM Security Bulletins
Security Bulletin: Session Cookie Exposure via Improper Cache Handling in Flask (≤ v2.3.1, ≤ v2.2.4), affects watsonx.data
8 Apr 202610:31
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
30 Aug 202317:27
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
10 Mar 202620:52
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
28 Feb 202421:30
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
15 Apr 202503:04
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
7 Jun 202316:53
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Pallets Flask affects IBM Process Mining . CVE-2023-30861
27 Jun 202310:57
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)
19 Jun 202309:03
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
29 Apr 202416:48
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(227086);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/18");

  script_cve_id("CVE-2023-30861");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-30861");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a
    response containing data intended for one client may be cached and subsequently sent by the proxy to other
    clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other
    clients. The severity depends on the application's use of the session and the proxy's behavior regarding
    cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a
    caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets
    `session.permanent = True` 3. The application does not access or modify the session at any point during a
    request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a
    `Cache-Control` header to indicate that a page is private or should not be cached. This happens because
    vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified,
    not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue
    has been fixed in versions 2.3.2 and 2.2.5. (CVE-2023-30861)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2023-30861");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-30861");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python3-flask");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-flask");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/CentOS Linux-8", "Host/OS/Red Hat Enterprise Linux-8");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "CentOS Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "python3-flask"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-8": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "8",
        "pkgs": [
          {"reference": "python3-flask"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Aug 2025 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.5
EPSS0.01261
SSVC
8