CVE-2023-26150: check if session is active · FreeOpcUa/opcua-asyncio@b4106df

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session.


@@ -51,6 +51,9 @@ def __str__(self):

async def get_endpoints(self, params=None, sockname=None):

return await self.iserver.get_endpoints(params, sockname)

def is_activated(self) -> bool:

return self.state == SessionState.Activated

async def create_session(self, params, sockname=None):

self.logger.info(‘Create session request’)

result = ua.CreateSessionResult()
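
Review bot: is_activated(), placed between get_endpoints and create_session, only reports state, and nothing in this hunk calls it. The fix therefore depends on every handler for a session-bound service checking it and rejecting the request when it returns False, so those call sites need to be reviewed together with this helper. A one-line docstring should state which services are expected to work before activation (get_endpoints and create_session, which sit next to it, presumably among them) so a later handler is not added without the check. Also confirm that SessionState is imported in this module, since no import is visible in these lines.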


Related news

GHSA-2894-qcqf-g23g: asyncua Improper Authentication vulnerability
