Back to bug 1007746
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ratul Gupta | 2013-09-13 09:11:13 UTC | CC | bdunne, bkearney, cpelland, jfrey, jmatthew, jrafanie, katello-bugs, kseifried, metherid, mmccune, obarenbo, pj.pandit, tcallawa, tsanders, xlecauch | |
| Ratul Gupta | 2013-09-13 09:30:45 UTC | Whiteboard | impact=moderate,public=20130913,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20130912,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected |
| Ratul Gupta | 2013-09-13 09:34:29 UTC | Blocks | 1007764 | |
| Ratul Gupta | 2013-09-13 09:37:25 UTC | Depends On | 1007766 | |
| Ratul Gupta | 2013-09-13 09:37:45 UTC | Depends On | 1007767 | |
| Ratul Gupta | 2013-09-13 09:42:48 UTC | Summary | python-oauth2: _check_signature() ignores the nonce value when validating signed urls | CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce value when validating signed urls |
| | | Alias | CVE-2013-4346 | |
| Vincent Danen | 2013-09-13 14:59:14 UTC | Whiteboard | impact=moderate,public=20130912,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected |
| John Skeoch | 2014-01-22 23:59:08 UTC | CC | mjc | |
| Mark J. Cox | 2014-01-27 08:37:33 UTC | CC | mjc | |
| Garth Mollett | 2014-04-10 02:39:10 UTC | CC | gmollett | |
| | | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected,openstack-4/python-oauth2=affected |
| Kurt Seifried | 2014-07-22 06:21:21 UTC | Depends On | 1121874 | |
| Kurt Seifried | 2014-07-22 07:30:16 UTC | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected,openstack-4/python-oauth2=affected | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected |
| Kurt Seifried | 2014-07-22 07:31:40 UTC | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected |
| Garth Mollett | 2014-10-03 06:50:47 UTC | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix |
| Kurt Seifried | 2015-07-04 15:35:11 UTC | Blocks | 1145400 | |
| Tom "spot" Callaway | 2015-07-06 14:23:09 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | CURRENTRELEASE |
| | | Last Closed | 2015-07-06 10:23:09 UTC | |
| Ján Rusnačko | 2015-07-07 07:44:19 UTC | Status | CLOSED | NEW |
| | | CC | jrusnack | |
| | | Resolution | CURRENTRELEASE | --- |
| | | Keywords | Reopened | |
| Ján Rusnačko | 2015-07-07 07:49:49 UTC | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-347 |
| Kurt Seifried | 2015-07-07 17:46:57 UTC | Doc Text | python-oauth2 did not properly verify the nonce of a signed url. This could allow a malicious who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. | |
| Kurt Seifried | 2015-07-07 17:47:34 UTC | Doc Text | python-oauth2 did not properly verify the nonce of a signed url. This could allow a malicious who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. | python-oauth2 did not properly verify the nonce of a signed url. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. |
| Martin Prpič | 2015-07-08 15:45:49 UTC | Doc Text | python-oauth2 did not properly verify the nonce of a signed url. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. | It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. |
| Kurt Seifried | 2015-08-12 21:54:59 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2015-07-06 10:23:09 UTC | 2015-08-12 17:54:59 UTC |
| Product Security DevOps Team | 2019-09-29 13:08:22 UTC | Whiteboard | impact=moderate,public=20130204,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-347 | |