Product Research Enterprise Plans Docs

PyPi: Kiosk-Client

CVE-2019-12855

Transitive

Safety vulnerability ID: 38382

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 16, 2019 Updated at Nov 07, 2023

Scan your Python projects for vulnerabilities →

Advisory

Kiosk-client 0.2.1 updates Twisted to the latest version due to CVE-2019-12855. In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Affected package

kiosk-client

Latest version: 0.8.4

CLI client for the DeepCell Kiosk.

Affected versions

Fixed versions

Vulnerability changelog

Updated to the latest version of Twisted due to CVE-2019-12855.

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.4

CVSS v3 Details

HIGH 7.4

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): NONE

CVSS v2 Details

MEDIUM 5.8

Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE