Lucene search

GitHub Advisory DatabaseGHSA-VPQP-HX68-P2WX

HistoryMay 14, 2022 - 1:08 a.m.

Improper Link Resolution Before File Access in Suds

2022-05-1401:08:23

CWE-59

GitHub Advisory Database

github.com

suds

cache file

symlink attack

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

EPSS

Percentile

5.1%

JSON

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Affected configurations

Vulners

Node

sudsRange≤0.4

VendorProductVersionCPE
*suds*cpe:2.3:a:*:suds:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	suds	*	cpe:2.3:a::suds::::::::*

References

lists.opensuse.org/opensuse-updates/2013-07/msg00062.html

www.openwall.com/lists/oss-security/2013/06/27/8

www.ubuntu.com/usn/USN-2008-1

bugzilla.redhat.com/show_bug.cgi?id=978696

github.com/advisories/GHSA-vpqp-hx68-p2wx

github.com/pypa/advisory-database/tree/main/vulns/suds/PYSEC-2013-32.yaml

nvd.nist.gov/vuln/detail/CVE-2013-2217

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

EPSS

Percentile

5.1%

JSON

Related for GHSA-VPQP-HX68-P2WX