Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:136141256231112202467991
HistoryMay 30, 2024 - 12:00 a.m.

Ubuntu: Security Advisory (USN-6799-1)

2024-05-3000:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
1
python werkzeug package
ubuntu security advisory
remote code execution
ubuntu 16.04
ubuntu 18.04
ubuntu 20.04
ubuntu 22.04
ubuntu 23.10
ubuntu 24.04

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.12.2024.6799.1");
  script_cve_id("CVE-2024-34069");
  script_tag(name:"creation_date", value:"2024-05-30 04:08:53 +0000 (Thu, 30 May 2024)");
  script_version("2024-05-30T05:05:32+0000");
  script_tag(name:"last_modification", value:"2024-05-30 05:05:32 +0000 (Thu, 30 May 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_name("Ubuntu: Security Advisory (USN-6799-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS|22\.04\ LTS|23\.10|24\.04\ LTS)");

  script_xref(name:"Advisory-ID", value:"USN-6799-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6799-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python-werkzeug' package(s) announced via the USN-6799-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"It was discovered that the debugger in Werkzeug was not restricted to
trusted hosts. A remote attacker could possibly use this issue to execute
code on the host under certain circumstances.");

  script_tag(name:"affected", value:"'python-werkzeug' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.10, Ubuntu 24.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU16.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python-werkzeug", ver:"0.10.4+dfsg1-1ubuntu1.2+esm2", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"0.10.4+dfsg1-1ubuntu1.2+esm2", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU18.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python-werkzeug", ver:"0.14.1+dfsg1-1ubuntu0.2+esm1", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"0.14.1+dfsg1-1ubuntu0.2+esm1", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU20.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"0.16.1+dfsg1-2ubuntu0.2", rls:"UBUNTU20.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU22.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"2.0.2+dfsg1-1ubuntu0.22.04.2", rls:"UBUNTU22.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU23.10") {

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"2.2.2-3ubuntu0.1", rls:"UBUNTU23.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU24.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"python3-werkzeug", ver:"3.0.1-3ubuntu0.1", rls:"UBUNTU24.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 9
cvelist 1
fedora 2
nessus 9
cgr 1
cbl_mariner 2
veracode 1
ubuntu 1
vulnrichment 1
github 1
osv 3
redhatcve 1
debiancve 1
nvd 1
ubuntucve 1
mageia 1
cve 1
wolfi 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1608-1)
2024-05-13 00:00:00
Mageia: Security Advisory (MGASA-2024-0234)
2024-06-25 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2024:1591-1)
2024-05-13 00:00:00
cvelist
cvelist
CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
2024-05-06 14:44:38
fedora
fedora
[SECURITY] Fedora 38 Update: mingw-python-werkzeug-2.2.3-2.fc38
2024-05-19 01:17:04
[SECURITY] Fedora 40 Update: mingw-python-werkzeug-3.0.3-1.fc40
2024-05-16 01:52:36
nessus
nessus
Fedora 40 : mingw-python-werkzeug (2024-8e8ff9d6ec)
2024-05-16 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2024:1608-1)
2024-05-11 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Werkzeug vulnerability (USN-6799-1)
2024-05-29 00:00:00
cgr
cgr
CVE-2024-34069 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2024-34069 affecting package python-werkzeug for versions less than 3.0.3-1
2024-06-21 09:32:44
CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2
2024-05-17 05:57:11
veracode
veracode
Remote Code Execution (RCE)
2024-05-07 08:15:37
ubuntu
ubuntu
Werkzeug vulnerability
2024-05-29 00:00:00
vulnrichment
vulnrichment
CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
2024-05-06 14:44:38
github
github
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
2024-05-06 14:21:27
osv
osv
CVE-2024-34069
2024-05-06 15:15:23
python-werkzeug vulnerability
2024-05-29 15:38:21
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
2024-05-06 14:21:27
redhatcve
redhatcve
CVE-2024-34069
2024-05-07 05:54:55
debiancve
debiancve
CVE-2024-34069
2024-05-06 15:15:23
nvd
nvd
CVE-2024-34069
2024-05-06 15:15:23
ubuntucve
ubuntucve
CVE-2024-34069
2024-05-06 00:00:00
mageia
mageia
Updated python-werkzeug packages fix security vulnerability
2024-06-24 22:04:12
cve
cve
CVE-2024-34069
2024-05-06 15:15:23
wolfi
wolfi
CVE-2024-34069 vulnerabilities
2024-06-26 09:08:30

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON
Related for OPENVAS:136141256231112202467991
openvas9cvelist1fedora2nessus9cgr1cbl_mariner2veracode1ubuntu1vulnrichment1github1osv3redhatcve1debiancve1nvd1ubuntucve1mageia1cve1wolfi1