CVE-2015-8851 - Insufficient Entropy vulnerability in Node-Uuid Project Node-Uuid

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: NONE
  • Availability impact: NONE

node-uuid-project
CWE-331

Summary

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Red Hat

RPMs
  • atomic-openshift-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-clients-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-clients-redistributable-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-dockerregistry-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-master-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-node-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-pod-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-recycle-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-sdn-ovs-0:3.2.1.1-1.git.0.96f9555.el7
  • atomic-openshift-tests-0:3.2.1.1-1.git.0.96f9555.el7
  • heapster-0:1.1.0-1.beta2.el7
  • tuned-profiles-atomic-openshift-node-0:3.2.1.1-1.git.0.96f9555.el7