CVE Vulnerabilities

[adam-intel]

• YubiKey Manager version: yubikey-manager-qt version 1.2.6
• How was it installed?: Via the exe https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-win64.exe
• Operating system and version: Windows Server 2019
• YubiKey model and version: NA
• Bug description summary:

Version	CVEs	FilePath	InfoCount	LowCount	MediumCount	HighCount	CriticalCount	FixedVersion	Remediation
3.11.8	CVE-2024-3219, CVE-2024-0397, CVE-2024-6923, CVE-2024-8088, CVE-2024-4030, CVE-2024-4032	C:\Program Files\Yubico\YubiKey Manager\python311.dll	2	0	1	3	0	3.11.10	Update 'Python Interpreter' to version 3.11.10
3.0.13.0	CVE-2024-6119, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143	C:\Program Files\Yubico\YubiKey Manager\libssl-3.dll	1	1	2	2	0	3.0.16	Update 'OpenSSL' to version 3.0.16

Steps to reproduce

[Please explain what you did when the bug appeared, and if and how you have been
able to reproduce it.]

Expected result

[What did you expect to happen when you did the above?]

Actual results

[What actually happened?]

Other info

[Anything else you would like to add?]

[n3mawashi]

Hi Is there any update on when the Python version will move to 3.12.6 or greater?

[dainnilsson]

Hi, these CVSs have been assessed by our security team and we have found that they do not impact this project.

We do not have plans to move this project to a new Python version. I would strongly recommend you move to Yubico Authenticator which is regularly updated, and offers much more functionality than this tool.