Description
asyncua Improper Authentication vulnerability
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
Note: This issue is a result of missing checks for services that require an active session.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-26150
- https://github.com/FreeOpcUa/opcua-asyncio/issues/1014
- https://github.com/FreeOpcUa/opcua-asyncio/pull/1015
- https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a
- https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513
- https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121
- https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96
- https://github.com/pypa/advisory-database/tree/main/vulns/asyncua/PYSEC-2023-189.yaml
- https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435
Packages
- asyncua: affected versions < 0.9.96; fixed in 0.9.96