Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:136141256231112202364732HistoryNov 16, 2023 - 12:00 a.m.
Ubuntu: Security Advisory (USN-6473-2)
2023-11-1600:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
ubuntu
python-pip
security advisory
cve-2018-25091
cve-2023-43804
cve-2023-45803
urllib3
cross-origin redirects
http authorization
http cookie
cve
vendorfix
package
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
41.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6473.2");
script_cve_id("CVE-2018-25091", "CVE-2023-43804", "CVE-2023-45803");
script_tag(name:"creation_date", value:"2023-11-16 04:08:48 +0000 (Thu, 16 Nov 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"8.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-10-10 13:44:00 +0000 (Tue, 10 Oct 2023)");
script_name("Ubuntu: Security Advisory (USN-6473-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS|22\.04\ LTS|23\.04|23\.10)");
script_xref(name:"Advisory-ID", value:"USN-6473-2");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6473-2");
script_tag(name:"summary", value:"The remote host is missing an update for the 'python-pip' package(s) announced via the USN-6473-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"USN-6473-1 fixed vulnerabilities in urllib3. This update provides the
corresponding updates for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn't strip HTTP Authorization header
on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)
It was discovered that urllib3 didn't strip HTTP Cookie header on
cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-43804)
It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2023-45803)");
script_tag(name:"affected", value:"'python-pip' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.04, Ubuntu 23.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python-pip", ver:"8.1.1-2ubuntu0.6+esm6", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-pip-whl", ver:"8.1.1-2ubuntu0.6+esm6", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"8.1.1-2ubuntu0.6+esm6", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python-pip", ver:"9.0.1-2.3~ubuntu1.18.04.8+esm2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-pip-whl", ver:"9.0.1-2.3~ubuntu1.18.04.8+esm2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"9.0.1-2.3~ubuntu1.18.04.8+esm2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python-pip-whl", ver:"20.0.2-5ubuntu1.10", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"20.0.2-5ubuntu1.10", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"22.0.2+dfsg-1ubuntu0.4", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip-whl", ver:"22.0.2+dfsg-1ubuntu0.4", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU23.04") {
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"23.0.1+dfsg-1ubuntu0.2", rls:"UBUNTU23.04"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip-whl", ver:"23.0.1+dfsg-1ubuntu0.2", rls:"UBUNTU23.04"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU23.10") {
if(!isnull(res = isdpkgvuln(pkg:"python3-pip", ver:"23.2+dfsg-1ubuntu0.1", rls:"UBUNTU23.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-pip-whl", ver:"23.2+dfsg-1ubuntu0.1", rls:"UBUNTU23.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ubuntu
ubuntu
pip vulnerabilities
2023-11-15 00:00:00
urllib3 vulnerabilities
2023-11-07 00:00:00
osv
osv
python-urllib3 vulnerabilities
2023-11-07 14:20:04
python-pip vulnerabilities
2023-11-15 11:27:24
Moderate: python-urllib3 security update
2024-01-25 00:00:00
cloudfoundry
cloudfoundry
USN-6473-1: urllib3 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6473-1)
2023-11-08 00:00:00
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)
2024-03-12 00:00:00
Fedora: Security Advisory for python-urllib3 (FEDORA-2023-18f03a150d)
2023-11-05 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : python-urllib3 (EulerOS-SA-2024-1296)
2024-03-12 00:00:00
RHEL 6 : urllib3 (Unpatched Vulnerability)
2024-05-11 00:00:00
almalinux
almalinux
Moderate: python-urllib3 security update
2024-01-25 00:00:00
Moderate: python-urllib3 security update
2024-01-10 00:00:00
Moderate: python3.11-urllib3 security update
2024-04-30 00:00:00
ibm
ibm
oraclelinux
oraclelinux
python-urllib3 security update
2024-01-25 00:00:00
python-urllib3 security update
2024-01-10 00:00:00
python3.11-urllib3 security update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2024:0588) Moderate: python-urllib3 security update
2024-01-30 12:53:27
(RHSA-2024:0300) Moderate: python-urllib3 security update
2024-01-18 16:12:51
(RHSA-2024:0464) Moderate: python-urllib3 security update
2024-01-24 14:41:03
fedora
fedora
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
2023-11-03 19:01:21
[SECURITY] Fedora 38 Update: python-urllib3-1.26.18-1.fc38
2023-10-21 01:30:09
[SECURITY] Fedora 37 Update: python-urllib3-1.26.18-1.fc37
2023-11-03 01:10:53
redos
redos
ROS-20240403-11
2024-04-03 00:00:00
ROS-20240405-02
2024-04-05 00:00:00
github
github
urllib3's request body not stripped after redirect from 303 status changes request method to GET
2023-10-17 20:15:25
`Cookie` HTTP header isn't stripped on cross-origin redirects
2023-10-02 23:27:05
Authorization Header forwarded on redirect
2023-10-15 21:30:26
wolfi
wolfi
CVE-2023-45803 vulnerabilities
2024-05-13 09:06:53
CVE-2023-43804 vulnerabilities
2024-05-13 09:06:53
debiancve
debiancve
redhatcve
redhatcve
cgr
cgr
CVE-2023-45803 vulnerabilities
2024-05-13 09:06:52
CVE-2023-43804 vulnerabilities
2024-05-13 09:06:52
cve
cve
prion
prion
Information disclosure
2023-10-04 17:15:00
Design/Logic Flaw
2023-10-17 20:15:00
Authorization
2023-10-15 19:15:00
cbl_mariner
cbl_mariner
amazon
amazon
Medium: python-urllib3
2024-01-03 21:04:00
alpinelinux
alpinelinux
CVE-2023-45803
2023-10-17 20:15:10
CVE-2023-43804
2023-10-04 17:15:10
veracode
veracode
Information Disclosure
2023-10-19 07:19:20
Information Disclosure
2023-10-06 12:09:49
Authorization HTTP Header Leakage
2023-10-16 12:50:32
ubuntucve
ubuntucve
f5
f5
K000138600 : Python vulnerability CVE-2023-43804
2024-02-13 00:00:00
githubexploit
githubexploit
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0211
2024-02-16 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0155
2023-11-25 00:00:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
41.4%
Related for OPENVAS:136141256231112202364732