Headline
GHSA-2894-qcqf-g23g: asyncua Improper Authentication vulnerability
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
Note:
This issue is a result of missing checks for services that require an active session.
asyncua Improper Authentication vulnerability
Moderate severity GitHub Reviewed Published Oct 3, 2023 to the GitHub Advisory Database • Updated Oct 4, 2023
Related news
CVE-2023-26150: check if session is active · FreeOpcUa/opcua-asyncio@b4106df
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.