Vulnerabilities > CVE-2019-16328 - Unspecified vulnerability in Rpyc Project Rpyc 4.1.0/4.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | SuSE Local Security Checks |
| NASL id | OPENSUSE-2020-685.NASL |
| description | This update for python-rpyc to 4.1.5 fixes the following issues : Security issue fixed : - CVE-2019-16328: Fixed a missing protocol security check that could have led to code execution (boo#1152987). |
| last seen | 2020-05-31 |
| modified | 2020-05-26 |
| plugin id | 136881 |
| published | 2020-05-26 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/136881 |
| title | openSUSE Security Update : python-rpyc (openSUSE-2020-685) |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html
- https://github.com/tomerfiliba/rpyc
- https://github.com/tomerfiliba/rpyc
- https://rpyc.readthedocs.io/en/latest/docs/security.html
- https://rpyc.readthedocs.io/en/latest/docs/security.html