Seagate-tools stores source codes of tools such as PerfPro, PerfLine, etc. These tools are developed and used by the Engineering team to boost team productivity.
GNU Affero General Public License v3.0
12
stars
18
forks
source link
CVE-2023-38325 (High) detected in cryptography-38.0.1-cp36-abi3-manylinux_2_24_x86_64.whl #614
CVE-2023-38325 - High Severity Vulnerability
Vulnerable Library - cryptography-38.0.1-cp36-abi3-manylinux_2_24_x86_64.whl
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: https://files.pythonhosted.org/packages/9b/4e/d7454551c3c7b327510e35d88db35c300484225ba47be861e28f0b520b33/cryptography-38.0.1-cp36-abi3-manylinux_2_24_x86_64.whl
Path to dependency file: /dashboards/cortx-companion/requirements.txt
Path to vulnerable library: /dashboards/cortx-companion/requirements.txt
Dependency Hierarchy: - jira-3.0.1-py3-none-any.whl (Root Library) - keyring-23.9.1-py3-none-any.whl - SecretStorage-3.3.3-py3-none-any.whl - :x: **cryptography-38.0.1-cp36-abi3-manylinux_2_24_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: 8cb5c624d5223f1adadc936267c5b99613c1073f
Found in base branch: main
Vulnerability Details
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
Publish Date: 2023-07-14
URL: CVE-2023-38325
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-38325
Release Date: 2023-07-14
Fix Resolution (cryptography): 41.0.2
Direct dependency fix Resolution (jira): 3.1.1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.