CVE-2013-2217

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Published: Sep 23, 2013
Updated: May 9, 2024
CVE: CVE-2013-2217
GHSA: GHSA-vpqp-hx68-p2wx
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.2
AV:L/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
jeff_ortel / suds	0.4	0.4.x
redhat / enterprise_linux	6.0	6.0.x
opensuse / opensuse	12.3	12.3.x
redhat / enterprise_linux	5	5.x
opensuse / opensuse	12.2	12.2.x
suds	-	1.0.0

http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html
http://www.openwall.com/lists/oss-security/2013/06/27/8
http://www.ubuntu.com/usn/USN-2008-1
https://bugzilla.redhat.com/show_bug.cgi?id=978696
https://github.com/pypa/advisory-database/tree/main/vulns/suds/PYSEC-2013-32.yaml

Vulnerability Database

CVE-2013-2217

Deep Security Visibility Without the Complexity