exploitDog

CVE-2024-45719

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 2.6

EPSS Низкий

Описание

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.0.

The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Ссылки

https://lists.apache.org/thread/sz2d0z39k01nbx3r9pj65t76o1hy9491
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/22/1
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*

Версия до 1.4.1 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

2.6 Low

CVSS3

Дефекты

CWE-326

Связанные уязвимости

GHSA-mr95-vfcf-fx9p

CVSS3: 2.6

github

около 1 года назад

Apache Answer: Predictable Authorization Token Using UUIDv1

EPSS

Процентиль: 21%

0.00066

Низкий

2.6 Low

CVSS3

Дефекты

CWE-326