Detections
Analytics
EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2025-2443)
high Nessus Plugin ID 276483
Synopsis
The remote EulerOS host is missing multiple security updates.Description
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.(CVE-2024-47081)
Tenable has extracted the preceding description block directly from the EulerOS python-pip security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected python-pip packages.See Also
Plugin Details
Severity: High
ID: 276483
File Name: EulerOS_SA-2025-2443.nasl
Version: 1.1
Type: local
Family: Huawei Local Security Checks
Published: 11/21/2025
Updated: 11/21/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2024-43204
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:huawei:euleros:mod_ssl, p-cpe:/a:huawei:euleros:httpd-tools, p-cpe:/a:huawei:euleros:httpd-filesystem, p-cpe:/a:huawei:euleros:httpd, cpe:/o:huawei:euleros:2.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp
Excluded KB Items: Host/EulerOS/uvp_version
Exploit Ease: No known exploits are available
Patch Publication Date: 11/20/2025
Vulnerability Publication Date: 7/8/2025