CVE-2023-26150 – asyncua

Package

Manager: pip
Name: asyncua
Vulnerable Version: >=0 <0.9.96

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00161 pctl0.37527

Details

asyncua Improper Authentication vulnerability Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

Metadata

Created: 2023-10-03T06:30:26Z
Modified: 2023-10-04T19:34:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-2894-qcqf-g23g/GHSA-2894-qcqf-g23g.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-2894-qcqf-g23g
Finding: F006
Auto approve: 1