Vulnerability DatabaseCVE-2024-22194
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-22194
January 11, 2024
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in "cdo-local-uuid" at version "0.4.0", and in "case-utils" in unpatched versions (matching the pattern "0.x.0") at and since "0.5.0", before "0.15.0". The vulnerability stems from a Python function, "cdo_local_uuid.local_uuid()", and its original implementation "case_utils.local_uuid()".
Affected Packages
case-utils (PYTHON):
Affected version(s) =0.9.0 <0.9.1
Fix Suggestion:
Update to version 0.9.1
case-utils (PYTHON):
Affected version(s) =0.13.0 <0.13.1
Fix Suggestion:
Update to version 0.13.1
case-utils (PYTHON):
Affected version(s) =0.11.0 <0.11.1
Fix Suggestion:
Update to version 0.11.1
case-utils (PYTHON):
Affected version(s) =0.10.0 <0.10.1
Fix Suggestion:
Update to version 0.10.1
case-utils (PYTHON):
Affected version(s) =0.8.0 <0.8.1
Fix Suggestion:
Update to version 0.8.1
case-utils (PYTHON):
Affected version(s) =0.14.0 <0.14.1
Fix Suggestion:
Update to version 0.14.1
case-utils (PYTHON):
Affected version(s) =0.12.0 <0.12.1
Fix Suggestion:
Update to version 0.12.1
case-utils (PYTHON):
Affected version(s) =0.5.0 <0.5.1
Fix Suggestion:
Update to version 0.5.1
cdo-local-uuid (PYTHON):
Affected version(s) =0.4.0 <0.5.0
Fix Suggestion:
Update to version 0.5.0
case-utils (PYTHON):
Affected version(s) =0.6.0 <0.6.1
Fix Suggestion:
Update to version 0.6.1
case-utils (PYTHON):
Affected version(s) =0.7.0 <0.7.1
Fix Suggestion:
Update to version 0.7.1
Related ResourcesĀ (18)
https://github.com/pypa/advisory-database/tree/main/vulns/cdo-local-uuid/PYSEC-2024-6.yaml
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
https://github.com/pypa/advisory-database/tree/main/vulns/case-utils/PYSEC-2024-5.yaml
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
https://nvd.nist.gov/vuln/detail/CVE-2024-22194
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
Do you need more information?
Contact Us
CVSS v4
Base Score:
1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
UNREPORTED
CVSS v3
Base Score:
2.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Insertion of Sensitive Information Into Debugging Code
CWE-215
Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE-337
EPSS
Base Score:
0.03