High severityNVD Advisory· Published Feb 8, 2014· Updated Jun 16, 2026
CVE-2013-2191
CVE-2013-2191
Description
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
python-bugzillaPyPI | < 0.9.0 | 0.9.0 |
Affected products
12cpe:2.3:a:python_bugzilla_project:python-bugzilla:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:python_bugzilla_project:python-bugzilla:*:*:*:*:*:*:*:*range: <=0.8.0
- cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:python_bugzilla_project:python-bugzilla:0.7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- ghsa-coords2 versions
< 0.9.0+ 1 more
- (no CPE)range: < 0.9.0
- (no CPE)range: < 1.2.2-1.1
Patches
Vulnerability mechanics
References
10- git.fedorahosted.org/cgit/python-bugzilla.git/commit/nvdPatchWEB
- github.com/advisories/GHSA-2q4h-27m7-rj67ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2191ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2013-07/msg00025.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2013-07/msg00026.htmlnvdWEB
- www.openwall.com/lists/oss-security/2013/06/19/6nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/python-bugzilla/PYSEC-2014-88.yamlghsaWEB
- github.com/python-bugzilla/python-bugzilla/commit/a782282ee479ba4cc1b8b1d89700ac630ba83eefghsaWEB
- lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.htmlnvdWEB
News mentions
0No linked articles in our index yet.