Описание
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Not affected | ||
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected | ||
| OpenShift Developer Tools and Services | helm | Affected | ||
| OpenShift Developer Tools and Services | jenkins-operator-container | Affected | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1/ingress-rhel8-operator | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1/serving-queue-rhel8 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Randomly-generated alphanumeric strings contain significantly less ent ...
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
EPSS
7 High
CVSS3