CVE-2013-2191 - Vulnerability Details - OpenCVE

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Opensuse	Opensuse
Python Bugzilla Project	Python-bugzilla

Configuration 1 [-]

OR	cpe:2.3:a:python_bugzilla_project:python-bugzilla::::::::
	cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.0:::::::*
	cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.1:::::::*
	cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.2:::::::*
	cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.7.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:17:::::::*
	cpe:2.3:o:fedoraproject:fedora:18:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html
http://www.openwall.com/lists/oss-security/2013/06/19/6
https://bugzilla.redhat.com/show_bug.cgi?id=951594
https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef
https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-08T00:00:00

Updated: 2024-08-06T15:27:41.098Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2191

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-02-08T00:55:06.033

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-2191

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-07T22:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130619 [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/6"}, {"name": "openSUSE-SU-2013:1155", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef"}, {"name": "openSUSE-SU-2013:1154", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951594"}, {"name": "[python-bugzilla] 20130619 ANNOUNCE: python-bugzilla 0.9.0 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:41.098Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130619 [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/6"}, {"name": "openSUSE-SU-2013:1155", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef"}, {"name": "openSUSE-SU-2013:1154", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951594"}, {"name": "[python-bugzilla] 20130619 ANNOUNCE: python-bugzilla 0.9.0 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2191", "datePublished": "2014-02-08T00:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.098Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python_bugzilla_project:python-bugzilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "37D4F723-0E13-4A43-B58E-5753F0FFD9F1", "versionEndIncluding": "0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "88255876-CED1-4B57-8E05-771A22658D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A29073C5-F457-4261-A489-AC9507298F22", "vulnerable": true}, {"criteria": "cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFBE3F9F-6FCD-443A-A05B-F991D3D9480B", "vulnerable": true}, {"criteria": "cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AA6FAD3-81ED-40E5-9EA1-97286720D54F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate."}, {"lang": "es", "value": "python-bugzilla anterior a 0.9.0 no valida los certificados X.509 , lo que permite a atacantes man-in-the-middle falsificar servidores Bugzilla a trav\u00e9s de un certificado manipulado."}], "id": "CVE-2013-2191", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-08T00:55:06.033", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/19/6"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951594"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef"}, {"source": "secalert@redhat.com", "url": "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/06/19/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}