DescriptionA flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1018213

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-scciclient (PTS)buster0.7.2-2vulnerable
bookworm, sid0.12.3-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bullseye] - python-scciclient <no-dsa> (Minor issue) (0.12)

Search for package or bug name: Reporting problems