CVE-2024-22194
Published Jan 11, 2024
Last updated 10 months ago
Overview
- Description
- cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.8
- Impact score
- 1.4
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Severity
- LOW
Weaknesses
- security-advisories@github.com
- CWE-215
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.5.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "4E51AD2E-CCCC-49CB-884C-AE7E5520AE03"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.6.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "824DCDCC-5ED0-4B22-9B1C-BED8AB8C829D"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.7.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "29159383-18CE-4726-A720-5A3E51F4FA3E"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.8.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "7782FE6A-5CF4-4C6F-A090-AD35DCEC83D3"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.9.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "B717C054-3F5E-4C4A-A0F9-BB25BB3257F1"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.10.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "17A5F451-9403-426D-8CED-F2D3071572A1"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.11.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "4CCA01E2-7F94-4036-BC86-86A76C5B6261"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.12.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "38A4A141-2D71-4A8E-80A4-9C3B3D25D3C5"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.13.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "971C2825-0C3F-4A19-8E3F-8254D3246B56"
},
{
"criteria": "cpe:2.3:a:lfprojects:case_python_utilities:0.14.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "7AE69ADE-F5F2-420C-BB31-1DD0FA92CCA2"
},
{
"criteria": "cpe:2.3:a:lfprojects:cdo_local_uuid_utility:0.4.0:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "1395DAD2-0463-4F6B-8053-4DCFDE5AD075"
}
],
"operator": "OR"
}
]
}
]