3 matches found
django-b2 (>=0.1.4 <=0.7.0), mdid (=3.6.0) potentially affected by CVE-2022-23651 via b2sdk (>=0.1.6 <=1.0.2)
b2sdk PYPI version =0.1.6, =0.1.4, =0.7.0 - mdid =3.6.0 Source cves: CVE-2022-23651 Source advisory: OSV:PYSEC-2022-33...
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2022-23651
The CVE-2022-23651 issue affects b2-sdk-python 1.14.0 and earlier on Linux/macOS, where SqliteAccountInfo stores API keys and bucket mappings in a local database file. The vulnerability is a TOCTOU race: the database file is created world-readable and briefly becomes private, allowing a local att...