CVE-2013-2217 — Link Following in Ortel Suds

CWE-59 — Link Following CWE-377 — Insecure Temporary File10 documents7 sources

Severity

1.2LOWNVD

EPSS

0.1%

top 68.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jeff Ortel Suds Debian Suds Opensuse +1 more

Timeline

PublishedSep 23

Latest updateMay 14

Description

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/suds< suds 0.4.1-8 (bookworm)

▶PyPIjeff_ortel/suds< 1.0.0

▶Debianjeff_ortel/suds< 0.4.1-8+3

▶NVDjeff_ortel/suds0.4

▶NVDopensuse/opensuse12.2, 12.3+1

Also affects: Enterprise Linux 5, 6.0

🔴Vulnerability Details

OSV

Improper Link Resolution Before File Access in Suds↗2022-05-14

▶

GHSA

Improper Link Resolution Before File Access in Suds↗2022-05-14

▶

OSV

CVE-2013-2217: cache↗2013-09-23

▶

📋Vendor Advisories

Ubuntu

Suds vulnerability↗2013-10-24

▶

Red Hat

python-suds: Insecure temporary directory use when initializing file-based URL cache↗2013-06-27

▶

Debian

CVE-2013-2217: suds - cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirec...↗2013

▶

💬Community

Bugzilla

CVE-2013-2217 python-suds: Insecure temporary directory use when initializing file-based URL cache [epel-all]↗2013-06-27

▶

Bugzilla

CVE-2013-2217 python-suds: Insecure temporary directory use when initializing file-based URL cache [fedora-all]↗2013-06-27

▶

Bugzilla

CVE-2013-2217 python-suds: Insecure temporary directory use when initializing file-based URL cache↗2013-06-27

▶