Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-2996

Published: 01/09/2022 Updated: 12/12/2022
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python-scciclient project python-scciclient 0.11.0

debian debian linux 10.0

Vendor Advisories

Red Hat: Moderate: Red Hat OpenStack Platform 16.2.4 (python-scciclient) security update
Synopsis Moderate: Red Hat OpenStack Platform 1624 (python-scciclient) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python-scciclient is now available for Red Hat OpenStackPlatform 1624 ...
Red Hat: Moderate: Red Hat OpenStack Platform 16.1.9 (python-scciclient) security update
Synopsis Moderate: Red Hat OpenStack Platform 1619 (python-scciclient) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python-scciclient is now available for Red Hat OpenStackPlatform 1619 ...
Debian CVElist Bug Report Logs: python-scciclient: CVE-2022-2996: missing server certificate verification
Debian Bug report logs - #1018213 python-scciclient: CVE-2022-2996: missing server certificate verification Package: src:python-scciclient; Maintainer for src:python-scciclient is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 27 Aug 2022 07:12:02 ...

References

CWE-295https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636chttps://lists.debian.org/debian-lts-announce/2022/11/msg00006.htmlhttps://access.redhat.com/errata/RHSA-2022:8854https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook