CVE-2018-20852

{"id": "CVE-2018-20852", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-07-13T21:15:10.377", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3725", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3948", "source": "cve@mitre.org"}, {"url": "https://bugs.python.org/issue35121", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/", "source": "cve@mitre.org"}, {"url": "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202003-26", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4127-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4127-2/", "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."}, {"lang": "es", "value": "http.cookiejar.DefaultPolicy.domain_return_ok en Lib / http / cookiejar.py en Python en versiones anteriores a la 3.7.3 no valida correctamente el dominio: se puede enga\u00f1ar para que env\u00ede las cookies existentes al servidor incorrecto. Un atacante puede abusar de este fallo al usar un servidor con un nombre de host que tiene otro nombre de host v\u00e1lido como sufijo (por ejemplo, pythonicexample.com para robar cookies para example.com). Cuando un programa utiliza http.cookiejar.DefaultPolicy e intenta hacer una conexi\u00f3n HTTP a un servidor controlado por un atacante, las cookies existentes pueden ser filtradas al atacante. Esto afecta a la versi\u00f3n 2.x hasta la versi\u00f3n 2.7.16, versi\u00f3n 3.x en versiones anteriores a la 3.4.10, versi\u00f3n 3.5.x en versiones anteriores a la 3.5.7, versi\u00f3n 3.6.x en versiones anteriores a la 3.6.9 y versi\u00f3n 3.7.x en versiones anteriores a la 3.7.3."}], "lastModified": "2023-11-07T02:56:21.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573B27AF-F9CA-4DA8-89B2-6AD6D61CDFDE", "versionEndIncluding": "2.7.16", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E55AC4-366D-497C-A541-A7BA86084846", "versionEndExcluding": "3.4.10", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA03C7E0-BBBD-48B7-8B55-D21114F7AE78", "versionEndExcluding": "3.5.7", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C052B2D-757B-4342-8BE9-510A08599779", "versionEndExcluding": "3.6.9", "versionStartIncluding": "3.6.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C910F83-E507-4572-93B0-740BFBA89B7A", "versionEndExcluding": "3.7.3", "versionStartIncluding": "3.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}