CVE-2018-19443

Опубликовано: 22 нояб. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 5.9

Описание

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%

0.00196

Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2018-19443

CVSS3: 5.9

nvd

около 7 лет назад

CVE-2018-19443

CVSS3: 5.9

debian

около 7 лет назад

The client in Tryton 5.x before 5.0.1 tries to make a connection to th ...

openSUSE-SU-2018:4248-1

suse-cvrf

около 7 лет назад

Security update for tryton

openSUSE-SU-2018:4242-1

suse-cvrf

около 7 лет назад

Security update for tryton

GHSA-32w7-9whp-cjp9

CVSS3: 5.9

github

около 7 лет назад

Session Fixation in Tryton

EPSS

Процентиль: 42%

0.00196

Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2018-19443

Описание

Пакет tryton-client

Ссылки на источники

Связанные уязвимости