CVE-2020-25658 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Affected Products (NVD)

Vendor	Product	Version
python-rsa_project	python-rsa	2.1 ≤ 𝑥 < 4.7
redhat	openstack_platform	13.0
redhat	openstack_platform	16.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-rsa

bookworm	no-dsa
bullseye	no-dsa
buster	no-dsa
sid	vulnerable
stretch	no-dsa
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

python-rsa

bionic	ignored
focal	ignored
groovy	ignored
hirsute	ignored
impish	ignored
jammy	ignored
kinetic	ignored
lunar	ignored
trusty	ignored
xenial	ignored

Known Exploits!

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/