Vulnerabilities > CVE-2018-20060

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
python
fedoraproject
critical
nessus

Summary

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1211.NASL
    descriptionurllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060)
    last seen2020-06-01
    modified2020-06-02
    plugin id125290
    published2019-05-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125290
    titleAmazon Linux 2 : python-urllib3 (ALAS-2019-1211)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1211.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125290);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2018-20060");
      script_xref(name:"ALAS", value:"2019-1211");
    
      script_name(english:"Amazon Linux 2 : python-urllib3 (ALAS-2019-1211)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "urllib3 before version 1.23 does not remove the Authorization HTTP
    header when following a cross-origin redirect (i.e., a redirect that
    differs in host, port, or scheme). This can allow for credentials in
    the Authorization header to be exposed to unintended hosts or
    transmitted in cleartext.(CVE-2018-20060)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1211.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update python-urllib3' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-urllib3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"python-urllib3-1.24.3-1.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-urllib3");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0851.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-04-23
    modified2020-03-18
    plugin id134676
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134676
    titleRHEL 7 : python-virtualenv (RHSA-2020:0851)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0851. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134676);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2018-18074", "CVE-2018-20060", "CVE-2019-11236");
      script_bugtraq_id(108793, 108815);
      script_xref(name:"RHSA", value:"2020:0851");
    
      script_name(english:"RHEL 7 : python-virtualenv (RHSA-2020:0851)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as
    referenced in the RHSA-2020:0851 advisory.
    
      - python-requests: Redirect from HTTPS to HTTP does not
        remove Authorization header (CVE-2018-18074)
    
      - python-urllib3: Cross-host redirect does not remove
        Authorization header allow for credential exposure
        (CVE-2018-20060)
    
      - python-urllib3: CRLF injection due to not encoding the
        '\r\n' sequence leading to possible attack on internal
        service (CVE-2019-11236)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/522.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/522.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0851");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-18074");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-20060");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11236");
      script_set_attribute(attribute:"solution", value:
    "Update the affected python-virtualenv package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20060");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(113, 522);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-virtualenv");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'python-virtualenv-15.1.0-4.el7_7', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string=NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-virtualenv');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1605.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1605 advisory. - The fix leads to a regression (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-21
    modified2020-04-28
    plugin id136044
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136044
    titleRHEL 8 : python27:2.7 (RHSA-2020:1605)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1916.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1916 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-03
    modified2020-04-29
    plugin id136112
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136112
    titleRHEL 8 : python-pip (RHSA-2020:1916)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2362.NASL
    descriptionAccording to the version of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131854
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131854
    titleEulerOS 2.0 SP2 : python-urllib3 (EulerOS-SA-2019-2362)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PYTHON_URLLIB3_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-03-18
    modified2019-08-27
    plugin id128256
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128256
    titleScientific Linux Security Update : python-urllib3 on SL7.x x86_64 (20190806)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0850.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-04-23
    modified2020-03-23
    plugin id134826
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134826
    titleRHEL 7 : python-pip (RHSA-2020:0850)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1936.NASL
    descriptionAccording to the version of the python-urllib3 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128939
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128939
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : python-urllib3 (EulerOS-SA-2019-1936)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1224.NASL
    descriptionurllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)
    last seen2020-06-01
    modified2020-06-02
    plugin id125903
    published2019-06-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125903
    titleAmazon Linux AMI : python-urllib3 (ALAS-2019-1224)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0851.NASL
    descriptionFrom Red Hat Security Advisory 2020:0851 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-19
    plugin id134689
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134689
    titleOracle Linux 7 : python-virtualenv (ELSA-2020-0851)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2068.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-15
    modified2020-05-12
    plugin id136519
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136519
    titleRHEL 7 : python-pip (RHSA-2020:2068)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0851.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-26
    plugin id134904
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134904
    titleCentOS 7 : python-virtualenv (CESA-2020:0851)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200512_PYTHON_PIP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-06-02
    plugin id137038
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137038
    titleScientific Linux Security Update : python-pip on SL7.x (noarch) (20200512)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8560719E80.NASL
    description - Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/ 3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124372
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124372
    titleFedora 28 : python-urllib3 (2019-8560719e80)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6AFAA38E7B.NASL
    description - Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/ 3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124501
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124501
    titleFedora 30 : python-urllib3 (2019-6afaa38e7b)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_PYTHON_PIP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-03-21
    modified2020-03-18
    plugin id134649
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134649
    titleScientific Linux Security Update : python-pip on SL7.x (noarch) (20200317)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2272.NASL
    descriptionAn update for python-urllib3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es) : * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-01
    modified2020-06-02
    plugin id127701
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127701
    titleRHEL 7 : python-urllib3 (RHSA-2019:2272)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0850.NASL
    descriptionFrom Red Hat Security Advisory 2020:0850 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-19
    plugin id134688
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134688
    titleOracle Linux 7 : python-pip (ELSA-2020-0850)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_PYTHON_VIRTUALENV_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-03-21
    modified2020-03-18
    plugin id134650
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134650
    titleScientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200317)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0199_PYTHON-URLLIB3.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-urllib3 packages installed that are affected by multiple vulnerabilities: - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060) - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id130202
    published2019-10-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130202
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python-urllib3 Multiple Vulnerabilities (NS-SA-2019-0199)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2239.NASL
    descriptionAccording to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.(CVE-2019-11236) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130701
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130701
    titleEulerOS 2.0 SP3 : python-urllib3 (EulerOS-SA-2019-2239)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_87270BA503D311EAB81F3085A9A95629.NASL
    descriptionNIST reports: (by search in the range 2018/01/01 - 2019/11/10) : urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
    last seen2020-06-01
    modified2020-06-02
    plugin id131340
    published2019-11-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131340
    titleFreeBSD : urllib3 -- multiple vulnerabilities (87270ba5-03d3-11ea-b81f-3085a9a95629)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2081.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-15
    modified2020-05-12
    plugin id136517
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136517
    titleRHEL 7 : python-virtualenv (RHSA-2020:2081)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2272.NASL
    descriptionAn update for python-urllib3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es) : * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-01
    modified2020-06-02
    plugin id128379
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128379
    titleCentOS 7 : python-urllib3 (CESA-2019:2272)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0850.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-26
    plugin id134903
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134903
    titleCentOS 7 : python-pip (CESA-2020:0850)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0246_PYTHON-URLLIB3.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-urllib3 packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132512
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132512
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : python-urllib3 Multiple Vulnerabilities (NS-SA-2019-0246)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3990-1.NASL
    descriptionIt was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates were specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-11324). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125338
    published2019-05-22
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125338
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : python-urllib3 vulnerabilities (USN-3990-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2131.NASL
    descriptionThis update for python-urllib3 fixes the following issues : Security issues fixed : - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128864
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128864
    titleopenSUSE Security Update : python-urllib3 (openSUSE-2019-2131)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1877.NASL
    descriptionAccording to the version of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128800
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128800
    titleEulerOS 2.0 SP5 : python-urllib3 (EulerOS-SA-2019-1877)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A6C56F9756.NASL
    description - Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched. - Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified (https://www.openwall.com/lists/oss-security/2019/04/17/ 3) Full changelog at: https://github.com/urllib3/urllib3/blob/1.24.2/CHANGES.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124247
    published2019-04-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124247
    titleFedora 29 : python-urllib3 (2019-a6c56f9756)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200512_PYTHON_VIRTUALENV_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-06-02
    plugin id137039
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137039
    titleScientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200512)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1413.NASL
    descriptionurllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060) In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user
    last seen2020-04-30
    modified2020-04-24
    plugin id135931
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135931
    titleAmazon Linux 2 : python-virtualenv (ALAS-2020-1413)

Redhat

advisories
rhsa
idRHSA-2019:2272
rpms
  • python-urllib3-0:1.10.2-7.el7
  • python3-pip-0:9.0.3-7.el7_7
  • python-virtualenv-0:15.1.0-4.el7_7
  • Cython-debugsource-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • PyYAML-debugsource-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • numpy-debugsource-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python-coverage-debugsource-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python-lxml-debugsource-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python-nose-docs-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debugsource-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-doc-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-pymongo-debugsource-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-Cython-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-PyMySQL-0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-attrs-0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • python2-backports-0:1.0-15.module+el8.1.0+3111+de3f2d8e
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
  • python2-bson-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-bson-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-chardet-0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-debug-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debuginfo-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debugsource-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-devel-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-dns-0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-docs-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docs-info-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docutils-0:0.14-12.module+el8.1.0+3111+de3f2d8e
  • python2-funcsigs-0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-idna-0:2.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-ipaddress-0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
  • python2-jinja2-0:2.10-8.module+el8.1.0+3111+de3f2d8e
  • python2-libs-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-lxml-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-markupsafe-0:0.23-19.module+el8.1.0+3111+de3f2d8e
  • python2-mock-0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
  • python2-nose-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python2-numpy-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-debuginfo-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-doc-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-f2py-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-pip-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pip-wheel-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pluggy-0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-py-0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
  • python2-pygments-0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
  • python2-pymongo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-gridfs-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pysocks-0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-mock-0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
  • python2-pytz-0:2017.2-12.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-requests-0:2.20.0-3.module+el8.2.0+4577+feefd9b8
  • python2-rpm-macros-0:3-38.module+el8.1.0+3111+de3f2d8e
  • python2-scipy-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-scipy-debuginfo-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-setuptools-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools-wheel-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools_scm-0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
  • python2-six-0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
  • python2-sqlalchemy-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-test-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tkinter-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tools-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-urllib3-0:1.24.2-1.module+el8.1.0+3280+19512f10
  • python2-virtualenv-0:15.1.0-19.module+el8.1.0+3507+d69c168d
  • python2-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • python2-wheel-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • scipy-debugsource-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • platform-python-pip-0:9.0.3-16.el8
  • python3-pip-0:9.0.3-16.el8
  • python3-pip-wheel-0:9.0.3-16.el8
  • python3-pip-0:9.0.3-7.el7_8
  • python-virtualenv-0:15.1.0-4.el7_8

References