Lucene search

Fedora: Security Advisory for python-oauthlib (FEDORA-2023-49ded4c9a5)

Fedora: Security Advisory for python-oauthli

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 54
IBM Security Bulletins	Security Bulletin: Vulnerability in OAuthlib affects IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift (CVE-2022-36087)	13 Dec 202215:58	–	ibm
IBM Security Bulletins	Security Bulletin: OAuthlib is vulnerable to CVE-2022-36087 used in IBM Maximo Application Suite - Monitor Component	24 Jul 202317:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OAuthLib	30 Nov 202210:24	–	ibm
IBM Security Bulletins	Security Bulletin: OAuthlib is vulnerable to CVE-2022-36087 used in IBM Maximo Application Suite	2 May 202317:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	16 Jun 202315:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	26 Mar 202503:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Mar 202503:30	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data	12 Dec 202317:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	20 Jun 202304:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.884881");
  script_version("2023-10-13T16:09:03+0000");
  script_cve_id("CVE-2022-36087");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-09-15 03:35:00 +0000 (Thu, 15 Sep 2022)");
  script_tag(name:"creation_date", value:"2023-09-28 01:13:58 +0000 (Thu, 28 Sep 2023)");
  script_name("Fedora: Security Advisory for python-oauthlib (FEDORA-2023-49ded4c9a5)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC37");

  script_xref(name:"Advisory-ID", value:"FEDORA-2023-49ded4c9a5");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python-oauthlib'
  package(s) announced via the FEDORA-2023-49ded4c9a5 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft
OAuth client support onto your favorite HTTP library, or provider support
onto your favourite web framework. If you&#39, re a maintainer of such a
library, write a thin veneer on top of OAuthLib and get OAuth support for
very little effort.");

  script_tag(name:"affected", value:"'python-oauthlib' package(s) on Fedora 37.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC37") {

  if(!isnull(res = isrpmvuln(pkg:"python-oauthlib", rpm:"python-oauthlib~3.2.2~1.fc37", rls:"FC37"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Sep 2023 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS35.7 - 6.5

EPSS0.00315

SSVC