Vulnerabilities > CVE-2024-22194 - Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility

CVSS 2.8 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

lfprojects

CWE-337

NVD

Published: 2024-01-11

Updated: 2024-01-19

Summary

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

Vulnerable Configurations

Part	Description	Count
Application	Lfprojects Lfprojects Case Python Utilities 0.5.0 Lfprojects Case Python Utilities 0.6.0 Lfprojects Case Python Utilities 0.7.0 Lfprojects Case Python Utilities 0.8.0 Lfprojects Case Python Utilities 0.9.0 Lfprojects Case Python Utilities 0.10.0 Lfprojects Case Python Utilities 0.11.0 Lfprojects Case Python Utilities 0.12.0 Lfprojects Case Python Utilities 0.13.0 Lfprojects Case Python Utilities 0.14.0 Lfprojects CDO Local Uuid Utility 0.4.0	11

Common Weakness Enumeration (CWE)

CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References