Lucene search
GoogleOSV:GHSA-4433-4CXQ-VV73HistoryMay 17, 2022 - 3:46 a.m.
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
2022-05-1703:46:28
Google
osv.dev
6
simplegeo
python
oauth2
server
verify_request
vulnerability
replay attacks
signed url
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
The vulnerability does not appear to be patched according to the following discussion.
References
www.openwall.com/lists/oss-security/2013/09/12/7
access.redhat.com/errata/RHSA-2015:1591
access.redhat.com/errata/RHSA-2015:1592
access.redhat.com/security/cve/CVE-2013-4346
bugzilla.redhat.com/show_bug.cgi?id=1007746
github.com/joestump/python-oauth2
github.com/simplegeo/python-oauth2/issues/129
nvd.nist.gov/vuln/detail/CVE-2013-4346
web.archive.org/web/20200228063302/www.securityfocus.com/bid/62386
Related
prion
prion
Design/Logic Flaw
2014-05-20 14:55:00
cve
cve
CVE-2013-4346
2014-05-20 14:55:04
github
github
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
2022-05-17 03:46:28
cvelist
cvelist
CVE-2013-4346
2014-05-20 14:00:00
veracode
veracode
Nonce Values Unchecked
2019-01-15 09:07:14
Cross-Site Scripting (XSS)
2019-05-02 05:42:13
Privilege Escalation
2019-05-02 05:42:26
nvd
nvd
CVE-2013-4346
2014-05-20 14:55:04
osv
osv
PYSEC-2014-85
2014-05-20 14:55:00
ubuntucve
ubuntucve
CVE-2013-4346
2014-05-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: python-oauth2-1.5.211-8.fc21
2014-11-01 16:22:17
[SECURITY] Fedora 19 Update: python-oauth2-1.5.211-8.fc19
2014-10-28 06:43:39
[SECURITY] Fedora 19 Update: python-oauth2-1.5.211-7.fc19
2014-09-26 09:04:38
openvas
openvas
Fedora Update for python-oauth2 FEDORA-2014-10786
2014-10-01 00:00:00
Fedora Update for python-oauth2 FEDORA-2014-10784
2014-10-01 00:00:00
Fedora Update for python-oauth2 FEDORA-2014-12475
2014-10-29 00:00:00
nessus
nessus
Fedora 21 : python-oauth2-1.5.211-7.fc21 (2014-10809)
2014-09-29 00:00:00
Fedora 19 : python-oauth2-1.5.211-7.fc19 (2014-10784)
2014-09-29 00:00:00
Fedora 19 : python-oauth2-1.5.211-8.fc19 (2014-12536)
2014-10-29 00:00:00
amazon
amazon
Medium: python-oauth2
2014-10-14 10:04:00
redhat
redhat
(RHSA-2015:1592) Important: Red Hat Satellite 6.1.1 on RHEL 6
2015-08-12 04:47:35
(RHSA-2015:1591) Important: Red Hat Satellite 6.1.1 on RHEL 7
2015-08-12 04:38:51