{"containers": {"cna": {"affected": [{"product": "Python-apt", "vendor": "Canonical", "versions": [{"lessThan": "0.8.3ubuntu7.5", "status": "affected", "version": "0.8.3", "versionType": "custom"}, {"lessThan": "0.9.3.5ubuntu3+esm2", "status": "affected", "version": "0.9.3.5", "versionType": "custom"}, {"lessThan": "1.1.0~beta1ubuntu0.16.04.7", "status": "affected", "version": "1.1.0", "versionType": "custom"}, {"lessThan": "1.6.5ubuntu0.1", "status": "affected", "version": "1.6.5", "versionType": "custom"}, {"lessThan": "1.9.0ubuntu1.2", "status": "affected", "version": "1.9.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Julian Andres Klode"}], "datePublic": "2019-08-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-26T13:00:21.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4247-1/"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4247-3/"}], "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4247-1", "defect": ["https://bugs.launchpad.net/ubuntu/%2Bsource/python-apt/%2Bbug/1858972"], "discovery": "UNKNOWN"}, "title": "python-apt uses MD5 for validation", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-08-06T16:33:00.000Z", "ID": "CVE-2019-15795", "STATE": "PUBLIC", "TITLE": "python-apt uses MD5 for validation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Python-apt", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "0.8.3", "version_value": "0.8.3ubuntu7.5"}, {"platform": "", "version_affected": "<", "version_name": "0.9.3.5", "version_value": "0.9.3.5ubuntu3+esm2"}, {"platform": "", "version_affected": "<", "version_name": "1.1.0", "version_value": "1.1.0~beta1ubuntu0.16.04.7"}, {"platform": "", "version_affected": "<", "version_name": "1.6.5", "version_value": "1.6.5ubuntu0.1"}, {"platform": "", "version_affected": "<", "version_name": "1.9.0", "version_value": "1.9.0ubuntu1.2"}]}}]}, "vendor_name": "Canonical"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Julian Andres Klode"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}]}, "references": {"reference_data": [{"name": "", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4247-1/"}, {"name": "", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4247-3/"}]}, "solution": [], "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4247-1", "defect": ["https://bugs.launchpad.net/ubuntu/%2Bsource/python-apt/%2Bbug/1858972"], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.746Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4247-1/"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4247-3/"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-15795", "datePublished": "2020-03-26T13:00:21.299Z", "dateReserved": "2019-08-29T00:00:00.000Z", "dateUpdated": "2024-09-16T19:45:50.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.0:ubuntu9:*:*:*:*:*:*", "matchCriteriaId": "C8023A14-4ECA-4A75-8171-26709D2D3792", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.1:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "1EF9A385-956B-472C-A679-A3FE4AC00592", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "D8875AAE-0C17-4D78-AFE4-6BB22EB77954", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "A863CCB4-564A-4B48-B848-BDD4136E6344", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu3:*:*:*:*:*:*", "matchCriteriaId": "1C8E5FCA-385C-417C-99F5-D567561FF726", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu4:*:*:*:*:*:*", "matchCriteriaId": "9007120A-79E2-40BB-AF85-7D3A5BA12D57", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu5:*:*:*:*:*:*", "matchCriteriaId": "17342A94-F344-48F4-AF01-C8D9787A026F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu6:*:*:*:*:*:*", "matchCriteriaId": "AF594C79-79DF-4347-A032-D9E33BE17D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7:*:*:*:*:*:*", "matchCriteriaId": "4ABCF70B-DCD4-4D2A-830D-4BE9E4E0CC20", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.1:*:*:*:*:*:*", "matchCriteriaId": "ED043341-3D12-4BAD-B064-1FD31BD94EBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.2:*:*:*:*:*:*", "matchCriteriaId": "B68421C7-67B0-418E-A1F4-D202AF56A074", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.3:*:*:*:*:*:*", "matchCriteriaId": "85D25189-5488-4C05-A187-CBD57F0BFB6B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9412B9A-6972-4250-98C6-2D24FD3CA870", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.9.1:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "F8F30079-BCC5-4764-BA0B-B788054D4A1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BECDB14E-DCF8-40E6-9A69-DD4B33689481", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FCC5B74-E260-4420-BA69-52D931D0816A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:build1:*:*:*:*:*:*", "matchCriteriaId": "78BD7CBD-B1A5-4998-A356-96B6EBB69884", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:build2:*:*:*:*:*:*", "matchCriteriaId": "E022EBAC-22FD-4174-BD9C-FDC8C59B4EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "76BB9D6E-960E-441B-9BE6-A91871F8BF2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "95AAB90A-99D3-42B7-AC6D-F292F5DC338D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "78EFED05-114B-4ACC-ACE7-4862FF3CEF21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "492F2102-1B12-49BA-ACAD-811896D6D41C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "F7B9C782-B85D-40B0-9B2D-3A0E0717124F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBE95FDD-1DD6-4EE1-BBDB-466286246D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.3:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "BED15761-D52F-4DFA-B311-5E83C098CA92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA6E2809-0168-40ED-8E6D-11EFEAD691E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.4:build1:*:*:*:*:*:*", "matchCriteriaId": "17F79D9B-B0E4-4DE3-B56E-8C0DB7D11B06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EE723A31-105B-4B7A-BD36-39F66F2D328A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "420F0F94-6271-46B6-A764-F80734025924", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "4FBFE40A-1CFD-421F-9EB1-78A655CB4D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu3:*:*:*:*:*:*", "matchCriteriaId": "365D175D-306D-4FF2-9AFC-6E61C5EC4894", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:build1:*:*:*:*:*:*", "matchCriteriaId": "13651D35-2210-459D-ACF9-24098BA9FA94", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "CABE1D3B-3CF8-4CEE-AD4B-A763041E06C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "77EB9A5F-D8DA-497F-BF0E-A59859C7866D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "4E64022C-0775-4DD2-9B57-490EE4E5147C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*", "matchCriteriaId": "09B3C47B-8C39-454E-9604-61EFF6F271E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*", "matchCriteriaId": "84D6B098-CDA0-489A-A0F2-9E30398ACFCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*", "matchCriteriaId": "DC1A8478-5D50-4574-8ED5-D4DC1617128C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*", "matchCriteriaId": "02ED67EF-AD26-44D9-966E-7F2EFACA98FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*", "matchCriteriaId": "8EF37D60-DF9C-494D-9E99-CAF2688D2709", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*", "matchCriteriaId": "DF4CF123-0348-4DBA-87AC-8C02CB6C560A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:python-apt:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "14C28F87-5F9F-4DC6-A690-0CFDDD3C4345", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C32BE0B-1346-4ED3-8A80-4AA6EE2FD44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:beta3build2:*:*:*:*:*:*", "matchCriteriaId": "223E48D6-EFD6-43CC-8A57-3FBE61007B43", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:beta3ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "276A516B-F419-4922-AD3D-089D894B75EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A174B38B-D155-4D1D-82CC-B62380F68D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8692D74-6D5C-4606-BB15-7ADF95E22171", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc2ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "2C96734E-FB35-4525-B69F-00BB8F210459", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc2ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "F4B4B6D1-9399-4EA1-B4CE-82E1148E9894", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3781605F-02A1-40CC-9D02-E2140B1B3064", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E05CF21E-EACE-4B18-9180-03B0983F95AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "307ECCEB-8E55-49FC-B44F-319BC07F0A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C00B937-3F2A-4E3C-8C09-ECF01662A05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.3:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "DE4A7E7B-C520-4B56-A802-96DBE153284C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5290F1FF-D143-4B10-BE1A-3BBC17D42A6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:alpha0\\~ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "A20E9163-0590-44C8-81EF-DE999F9D504A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:alpha0\\~ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "3F84F347-CBD7-4E07-AF93-997E7C6569CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "ACA89794-91C5-48BD-AF40-971D892717EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:python-apt:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5C41C59-4955-42D5-8724-A67D8DA7B9E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "163726B0-4A4F-4F7E-9A48-06BEFC29DC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:alpha0\\~ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "1BC6ADE4-D2AB-424F-A63D-57840016D6F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:alpha0\\~ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "1BBD93FF-57C9-488E-8C11-CFA8EC1C5345", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C378E5B-9AF4-436C-BAE6-1A009F5D490E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF84-F4DF-47A9-910B-9288D57A22BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAC0AE27-85A4-4F6C-80E3-08A6B45F267C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5."}, {"lang": "es", "value": "Python-apt solo comprueba las cantidades MD5 de los archivos descargados en las funciones \"Version.fetch_binary()\" y \"Version.fetch_source()\" del archivo apt/package.py en la versi\u00f3n 1.9.0ubuntu1 y anteriores. Esto permite un ataque de tipo man-in-the-middle que podr\u00eda ser usado para instalar paquetes alterados y ha sido corregido en las versiones 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9. 3.5ubuntu3+esm2, y 0.8.3ubuntu7.5."}], "id": "CVE-2019-15795", "lastModified": "2024-11-21T04:29:29.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-26T13:15:12.750", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://usn.ubuntu.com/4247-1/"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://usn.ubuntu.com/4247-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://usn.ubuntu.com/4247-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://usn.ubuntu.com/4247-3/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}