2.8
CVE-2024-22194
- EPSS 0.41%
- Veröffentlicht 11.01.2024 03:15:10
- Zuletzt bearbeitet 21.11.2024 08:55:46
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lfprojects ≫ Case Python Utilities Version0.5.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.6.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.7.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.8.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.9.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.10.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.11.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.12.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.13.0 SwPlatformpython
Lfprojects ≫ Case Python Utilities Version0.14.0 SwPlatformpython
Lfprojects ≫ Cdo Local Uuid Utility Version0.4.0 SwPlatformpython
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.325 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.8 | 1.3 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 2.2 | 0.8 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
|
CWE-215 Insertion of Sensitive Information Into Debugging Code
The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509