PublicDateAtUSN: 2019-07-13 Candidate: CVE-2018-20852 PublicDate: 2019-07-13 21:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852 https://python-security.readthedocs.io/vuln/cookie-domain-check.html https://ubuntu.com/security/notices/USN-4127-1 https://ubuntu.com/security/notices/USN-4127-2 Description: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. Ubuntu-Description: Notes: Bugs: https://bugs.python.org/issue35121 Priority: medium Discovered-by: Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM] Patches_python2.7: upstream: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 upstream_python2.7: released (2.7.16-3) precise/esm_python2.7: released (2.7.3-0ubuntu3.14) trusty_python2.7: ignored (out of standard support) trusty/esm_python2.7: released (2.7.6-8ubuntu0.6+esm2) xenial_python2.7: released (2.7.12-1ubuntu0~16.04.8) esm-infra/xenial_python2.7: released (2.7.12-1ubuntu0~16.04.8) bionic_python2.7: released (2.7.15-4ubuntu4~18.04.1) cosmic_python2.7: ignored (reached end-of-life) disco_python2.7: released (2.7.16-2ubuntu0.1) eoan_python2.7: not-affected (2.7.16-3) focal_python2.7: not-affected (2.7.16-3) groovy_python2.7: not-affected (2.7.16-3) hirsute_python2.7: not-affected (2.7.16-3) impish_python2.7: not-affected (2.7.16-3) jammy_python2.7: not-affected (2.7.16-3) devel_python2.7: not-affected (2.7.16-3) Patches_python3.4: upstream: https://github.com/python/cpython/commit/42ad4101d3ba7ca3c371dadf0f8880764c9f15fb upstream_python3.4: released (3.4.10) precise/esm_python3.4: DNE trusty_python3.4: ignored (out of standard support) trusty/esm_python3.4: released (3.4.3-1ubuntu1~14.04.7+esm2) xenial_python3.4: DNE bionic_python3.4: DNE cosmic_python3.4: DNE disco_python3.4: DNE eoan_python3.4: DNE focal_python3.4: DNE groovy_python3.4: DNE hirsute_python3.4: DNE impish_python3.4: DNE jammy_python3.4: DNE devel_python3.4: DNE Patches_python3.5: upstream: https://github.com/python/cpython/commit/4749f1b69000259e23b4cc6f63c542a9bdc62f1b upstream_python3.5: released (3.5.7) precise/esm_python3.5: DNE trusty_python3.5: ignored (out of standard support) trusty/esm_python3.5: needed xenial_python3.5: released (3.5.2-2ubuntu0~16.04.8) esm-infra/xenial_python3.5: released (3.5.2-2ubuntu0~16.04.8) bionic_python3.5: DNE cosmic_python3.5: DNE disco_python3.5: DNE eoan_python3.5: DNE focal_python3.5: DNE groovy_python3.5: DNE hirsute_python3.5: DNE impish_python3.5: DNE jammy_python3.5: DNE devel_python3.5: DNE Patches_python3.6: upstream: https://github.com/python/cpython/commit/b241af861b37e20ad30533bc0b7e2e5491cc470f upstream_python3.6: released (3.6.9) precise/esm_python3.6: DNE trusty_python3.6: ignored (out of standard support) trusty/esm_python3.6: DNE xenial_python3.6: DNE bionic_python3.6: released (3.6.8-1~18.04.2) cosmic_python3.6: ignored (reached end-of-life) disco_python3.6: DNE eoan_python3.6: DNE focal_python3.6: DNE groovy_python3.6: DNE hirsute_python3.6: DNE impish_python3.6: DNE jammy_python3.6: DNE devel_python3.6: DNE Patches_python3.7: upstream: https://github.com/python/cpython/commit/e5123d81ffb3be35a1b2767d6ced1a097aaf77be upstream_python3.7: released (3.7.3~rc1-1) precise/esm_python3.7: DNE trusty_python3.7: ignored (out of standard support) trusty/esm_python3.7: DNE xenial_python3.7: DNE bionic_python3.7: not-affected (3.7.3-2) cosmic_python3.7: not-affected (3.7.3-2) disco_python3.7: not-affected (3.7.3-2) eoan_python3.7: not-affected (3.7.3-2) focal_python3.7: DNE groovy_python3.7: DNE hirsute_python3.7: DNE impish_python3.7: DNE jammy_python3.7: DNE devel_python3.7: DNE