Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-1000433

Опубликовано: 10 сент. 2017
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

Отчет

Red Hat Product Security has rated this issue as having security impact of Low for:

  • Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
  • Red Hat OpenStack Platform 8.0 (Liberty)
  • Red Hat OpenStack Platform 9.0 (Mitaka)
  • Red Hat OpenStack Platform 10.0 (Newton)
  • Red Hat OpenStack Platform 11.0 (Ocata)
  • Red Hat OpenStack Platform 12.0 (Pike) Although the affected code is present in shipped packages, python-pysaml2 is included only as a dependency of other packages. The affected code cannot be reached in any supported configuration of Red Hat OpenStack Platform. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)python-pysaml2Will not fix
Red Hat OpenStack Platform 10 (Newton)python-pysaml2Will not fix
Red Hat OpenStack Platform 11 (Ocata)python-pysaml2Will not fix
Red Hat OpenStack Platform 12 (Pike)python-pysaml2Will not fix
Red Hat OpenStack Platform 8 (Liberty)python-pysaml2Will not fix
Red Hat OpenStack Platform 9 (Mitaka)python-pysaml2Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1516162python-pysaml2: Access restriction bypass

EPSS

Процентиль: 84%
0.02083
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-1000433

CVSS3: 8.1
ubuntu
около 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

nvd логотип

CVE-2017-1000433

CVSS3: 8.1
nvd
около 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

debian логотип

CVE-2017-1000433

CVSS3: 8.1
debian
около 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with pyth ...

github логотип

GHSA-924m-4pmx-c67h

CVSS3: 8.1
github
больше 7 лет назад

pysaml2 Improper Authentication vulnerability

EPSS

Процентиль: 84%
0.02083
Низкий

6.5 Medium

CVSS3