CVE-2019-11324 — HIGH (7.5)

Q: How severe is CVE-2019-11324?

CVE-2019-11324 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11324?

Check the references section above for vendor advisories and patch information. Affected products include: Python Urllib3, Canonical Ubuntu Linux.

Vulnerability Description

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Python	Urllib3	< 1.24.2
Canonical	Ubuntu Linux	16.04

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2019-11324?

CVE-2019-11324 is a vulnerability with a CVSS score of 7.5 (HIGH). The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succe...

How severe is CVE-2019-11324?

CVE-2019-11324 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11324?

Check the references section above for vendor advisories and patch information. Affected products include: Python Urllib3, Canonical Ubuntu Linux.