Description
The cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function, cdo_local_uuid.local_uuid(), and its original implementation case_utils.local_uuid().
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:lfprojects:case_python_utilities:0.5.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.6.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.7.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.8.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.9.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.10.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.11.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.12.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.13.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:case_python_utilities:0.14.0:*:*:*:*:python:*:*
cpe:2.3:a:lfprojects:cdo_local_uuid_utility:0.4.0:*:*:*:*:python:*:*
EPSS
Percentile: 9%
0.00031
Low
CVSS3: 2.2 Low
CVSS3: 2.8 Low
Weaknesses
CWE-215
Related vulnerabilities
CVSS3: 2.2
github
about 2 years ago
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code