CVE-2021-3538

Published: 24 Mar 2018
Source: redhat
CVSS3: 9.8
EPSS: Low

Description

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

A flaw was found in github.com/satori/go.uuid. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

Report

For OpenShift Virtualization, github.com/satori/go.uuid is referenced in some of the projects' go.sum files; however, it is only used in ovs-cni-plugin-container, where a version including the fix for this flaw is used. An upstream fix has been pushed into the master branch [1], but a new release was not published.

[1] https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Migration Toolkit for Containers | rhmtc/openshift-migration-controller-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-registry-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rbac-query-proxy-container | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/cert-policy-controller-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/cluster-curator-controller-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/clusterlifecycle-state-metrics-rhel8 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-338
https://bugzilla.redhat.com/show_bug.cgi?id=1954376 satori/go.uuid: predictable UUIDs generated via insecure randomness

EPSS

Percentile: 63%
0.00457
Low

CVSS3

9.8 Critical

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 4 years ago

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

CVSS3: 9.8
nvd
more than 4 years ago

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

CVSS3: 9.8
debian
more than 4 years ago

A flaw was found in github.com/satori/go.uuid in versions from commit ...

CVSS3: 9.8
github
almost 3 years ago

go.uuid has Predictable UUID Identifiers
