Description
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Report
While Red Hat Quay contains a vulnerable version of python-werkzeug in the quay container image, use of the debug feature is not recommended in any upstream or downstream documentation. A user of Red Hat Quay would have to enable python-werkzeug debugging before Red Hat Quay became vulnerable. This issue did not affect the versions of python-werkzeug as shipped with Red Hat Update Infrastructure as they did not include support for PIN-based authentication. The same is true for the versions of python-werkzeug as shipped with Red Hat Enterprise Linux 8. Red Hat Satellite ships vulnerable python-werkzeug; however, it is not affected because it uses python-werkzeug as a dependency of python-flask required by the Crane component, and therefore the package does not get invoked directly.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | python-werkzeug | Not affected | ||
| Red Hat Enterprise Linux 8 | python-werkzeug | Not affected | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-werkzeug | Out of support scope | ||
| Red Hat OpenStack Platform 15 (Stein) | python-werkzeug | Out of support scope | ||
| Red Hat Quay 3 | quay | Not affected | ||
| Red Hat Satellite 6 | python-werkzeug | Will not fix | ||
| Red Hat Storage 3 | python-werkzeug | Not affected | ||
| Red Hat Update Infrastructure 3 for Cloud Providers | python-werkzeug | Not affected | ||
Additional information
CVSS3: 7.5 High