CVE-2013-2191

python-bugzilla < 0.9.0 - Man-in-the-Middle Attack via Unvalidated X.509 Certificates

Title source: llm
STIX 2.1

Description

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.

References (6)

Core 6

Scores

EPSS 0.0089
EPSS Percentile 55.1%

Details

CWE
CWE-20
Status published
Products (11)
fedoraproject/fedora 17
fedoraproject/fedora 18
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
pypi/python-bugzilla 0 - 0.9.0PyPI
python_bugzilla_project/python-bugzilla 0.6.0
python_bugzilla_project/python-bugzilla 0.6.1
python_bugzilla_project/python-bugzilla 0.6.2
python_bugzilla_project/python-bugzilla 0.7.0
... and 1 more
Published Feb 08, 2014
Tracked Since Feb 18, 2026