CVE-2024-22194
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
El proyecto cdo-local-uuid proporciona una función especializada de generación de UUID que puede, a petición del usuario, hacer que un programa genere UUID deterministas. Una vulnerabilidad de fuga de información está presente en `cdo-local-uuid` en la versión `0.4.0`, y en `case-utils` en versiones sin parches (que coinciden con el patrón `0.x.0`) en y desde `0.5. 0`, antes de `0.15.0`. La vulnerabilidad surge de una función de Python, `cdo_local_uuid.local_uuid()`, y su implementación original `case_utils.local_uuid()`.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-08 CVE Reserved
- 2024-01-11 CVE Published
- 2024-01-20 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-215: Insertion of Sensitive Information Into Debugging Code
- CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
CAPEC
References (14)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882 | 2024-08-01 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.5.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.5.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.6.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.6.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.7.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.7.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.8.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.8.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.9.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.9.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.10.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.10.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.11.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.11.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.12.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.12.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.13.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.13.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Case Python Utilities Search vendor "Lfprojects" for product "Case Python Utilities" | 0.14.0 Search vendor "Lfprojects" for product "Case Python Utilities" and version "0.14.0" | python |
Affected
| ||||||
| Lfprojects Search vendor "Lfprojects" | Cdo Local Uuid Utility Search vendor "Lfprojects" for product "Cdo Local Uuid Utility" | 0.4.0 Search vendor "Lfprojects" for product "Cdo Local Uuid Utility" and version "0.4.0" | python |
Affected
| ||||||