Vulnerabilities > CVE-2024-22194 - Unspecified vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility

047910
CVSS 2.8 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
lfprojects

Summary

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

References