Vulnerability Name:

CVE-2022-0391 (CCN-219613)

Assigned: 2021-04-18
Published: 2021-04-18
Updated: 2023-05-03
Summary: Python could provide weaker than expected security, caused by improper input validation in the urllib.parse module. By sending a specially crafted request using \r and \n characters in the URL path, an attacker could exploit this vulnerability to perform an injection attack or launch further attacks on the system.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2022-0391

Source: CCN
Type: python bug tracker Issue43882
CVE-2022-0391: urllib.parse should sanitize urls containing ASCII newline and tabs

Source: secalert@redhat.com
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
python-cve20220391-weak-security(219613)

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6562401 (Spectrum Protect Plus Container Backup and Restore)
Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

Source: CCN
Type: IBM Security Bulletin 6562405 (Spectrum Protect Plus File Systems Agent)
Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)

Source: CCN
Type: IBM Security Bulletin 6591175 (Security SOAR)
IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391)

Source: CCN
Type: IBM Security Bulletin 6595601 (Tivoli Application Dependency Discovery Manager)
Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Source: CCN
Type: IBM Security Bulletin 6611149 (Netezza for Cloud Pak for Data)
IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

Source: CCN
Type: IBM Security Bulletin 6828527 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)

Source: CCN
Type: IBM Security Bulletin 6833558 (Voice Gateway)
Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6840917 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

Source: CCN
Type: IBM Security Bulletin 6848229 (Elastic Storage System)
A vulnerability in Python affects IBM Elastic Storage System (CVE-2022-0391)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Python Web site
Python

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:python:python:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.8.0:-:*:*:*:*:*:*
  AND
  • cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*

* Denotes that the component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:com.redhat.rhsa:def:20226457 | P | RHSA-2022:6457: python3 security update (Moderate) | 2022-09-13
oval:com.redhat.rhsa:def:20221821 | P | RHSA-2022:1821: python27:2.7 security update (Moderate) | 2022-05-10
oval:com.redhat.rhsa:def:20221764 | P | RHSA-2022:1764: python38:3.8 and python38-devel:3.8 security update (Moderate) | 2022-05-10
oval:org.opensuse.security:def:6325 | P | Security update for python (Moderate) | 2022-04-08
oval:org.opensuse.security:def:127251 | P | Security update for python (Moderate) | 2022-04-08
oval:org.opensuse.security:def:6003 | P | Security update for python (Moderate) | 2022-04-08
oval:org.opensuse.security:def:125688 | P | Security update for python (Moderate) | 2022-04-08
oval:org.opensuse.security:def:126854 | P | Security update for python (Moderate) | 2022-04-08
oval:org.opensuse.security:def:100061 | P | (Moderate) | 2022-04-01
oval:org.opensuse.security:def:101748 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:119049 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:849 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:100395 | P | (Moderate) | 2022-04-01
oval:org.opensuse.security:def:102142 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:1057 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:100728 | P | (Moderate) | 2022-04-01
oval:org.opensuse.security:def:1581 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:101580 | P | Security update for python (Moderate) | 2022-04-01
oval:org.opensuse.security:def:5373 | P | Security update for python3 (Moderate) | 2022-03-16
oval:org.opensuse.security:def:6200 | P | Security update for python3 (Moderate) | 2022-03-16