Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43148
HistorySep 05, 2023 - 8:29 a.m.

Information Disclosure

2023-09-0508:29:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
python3
tls
vulnerability
unencrypted data
breach
confidentiality

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.0%

python3 is vulnerable to Information Disclosure. The vulnerability can be exploited by an attacker to bypass the TLS handshake and send unencrypted data to the server. This data could be used to modify or delete resources that are authenticated only by a TLS certificate, which makes it possible for breach of confidentiality.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.0%