7.5

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PalletsprojectsWerkzeug Version < 0.15.3
OpensuseLeap Version15.0
OpensuseLeap Version15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
Third Party Advisory
Mailing List
https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
Product
https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
Patch
https://palletsprojects.com/blog/werkzeug-0-15-3-released/
Release Notes