First published: Wed Apr 17 2019(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python-pip | <0:9.0.3-7.el7_7 | 0:9.0.3-7.el7_7 |
redhat/python-pip | <0:9.0.3-7.el7_8 | 0:9.0.3-7.el7_8 |
redhat/python-pip | <0:9.0.3-16.el8 | 0:9.0.3-16.el8 |
redhat/python-urllib3 | <0:1.24.2-2.el8 | 0:1.24.2-2.el8 |
redhat/python-urllib3 | <0:1.24.3-1.el7 | 0:1.24.3-1.el7 |
Python urllib3 | <1.24.2 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
redhat/urllib3 | <1.24.2 | 1.24.2 |
pip/urllib3 | <1.24.2 | 1.24.2 |
debian/python-urllib3 | 1.26.5-1~exp1 1.26.12-1 2.2.3-4 |
The urllib3 package is used by elastic-curator, which is deployed in the ose-logging-curator, and used by the optional logging feature in OpenShift Container Platform (OCP). Therefore OCP 3.11 users can mitigate this issue by not deploying and using the Curator logging feature. In OCP 4 urllib3 is also used by several Ansible Play Book images built with the Operator SDK and available for installation in OCP 4 including openshift-enterprise-ansible-operator and ose-metering-ansible-operator. Therefore those operators should not be deployed in order to mitigate this issue in OCP 4.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2019-11324 is a vulnerability in the urllib3 library for Python that mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates.
CVE-2019-11324 has a severity rating of 7.5, which is considered high.
The impact of CVE-2019-11324 is that SSL connections can succeed in situations where a verification failure should occur.
To fix CVE-2019-11324, you should update the urllib3 library for Python to version 1.24.2 or higher.
You can find more information about CVE-2019-11324 at the following references: [link1], [link2], [link3].