PYSEC-2018-20
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/privacyidea/PYSEC-2018-20.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2018-20
- Aliases
- Published
- 2018-10-08T15:29:00Z
- Modified
- 2023-11-08T03:59:40.255809Z
- Summary
- [none]
- Details
-
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.
- References
Affected packages
PyPI / privacyidea
Package
- Name
- privacyidea
- View open source insights on deps.dev
- Purl
- pkg:pypi/privacyidea
Affected ranges
- Type
- GIT
- Repo
- https://github.com/privacyidea/privacyidea
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.23.2
Affected versions
1.*
1.0dev4
1.0dev5
1.0dev6
1.0dev7
1.0
1.1
1.2
1.2.1-dev0
1.2.1
1.2.2
1.2.3
1.3
1.3.1
1.3.2
1.3.3
1.4dev5
1.4
1.4.1
1.5
1.5.1
1.5.1.1
2.*
2.0dev1
2.0
2.0.1
2.1
2.2
2.2.1
2.3
2.3.1
2.3.2
2.4
2.5
2.6dev0
2.6dev1
2.6dev2
2.6dev4
2.6dev5
2.6
2.7dev3
2.7
2.7.1
2.8dev4
2.8dev5
2.8dev7
2.8
2.8.1
2.9dev2
2.9
2.10dev2
2.10dev4
2.10dev5
2.10dev6
2.10
2.10.1
2.10.2
2.11dev2
2.11
2.11.1
2.11.2
2.11.3
2.12
2.12.1
2.13
2.14
2.15
2.16
2.16.1
2.17.dev4
2.17.dev5
2.17.dev6
2.17
2.18.dev3
2.18.dev4
2.18.dev5
2.18.dev6
2.18.dev7
2.18
2.18.1
2.19.dev2
2.19
2.19.1
2.20.dev1
2.20.dev2
2.20.dev3
2.20.dev4
2.20
2.20.1
2.21.dev2
2.21
2.21.1
2.21.2
2.21.3
2.21.4
2.22.dev3
2.22.dev4
2.22.dev7
2.22
2.22.1.dev1
2.22.1
2.22.2.dev1
2.22.2
2.22.4
2.23.dev3
2.23.dev4
2.23.dev5
2.23.dev6
2.23.dev7
2.23.dev8
2.23.dev9
2.23
2.23.1