2.8

CVE-2024-22194

Exploit

cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. 
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LfprojectsCase Python Utilities Version0.5.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.6.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.7.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.8.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.9.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.10.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.11.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.12.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.13.0 SwPlatformpython
LfprojectsCase Python Utilities Version0.14.0 SwPlatformpython
LfprojectsCdo Local Uuid Utility Version0.4.0 SwPlatformpython
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.325
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.8 1.3 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com 2.2 0.8 1.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE-215 Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
Third Party Advisory
Exploit
Mitigation
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
Patch
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
Patch
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
Patch
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
Patch
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
Patch
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
Patch
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
Patch
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
Patch
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
Patch
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
Patch