CVE-2020-25658 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
python-rsa_project	python-rsa	2.1 ≤ 𝑥 < 4.7
redhat	openstack_platform	13.0
redhat	openstack_platform	16.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-rsa

bullseye	no-dsa
bookworm	no-dsa
buster	no-dsa
stretch	no-dsa
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

python-rsa

lunar	ignored
kinetic	ignored
jammy	ignored
impish	ignored
hirsute	ignored
groovy	ignored
focal	ignored
bionic	ignored
xenial	ignored
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/