cvelist | GitHub_M | CVELIST:CVE-2024-22194
History: Jan 11, 2024 - 2:21 a.m.

CVE-2024-22194 cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

2024-01-11 02:21:53
CWE-215, CWE-337
GitHub_M
www.cve.org
cdo-local-uuid, information leakage, vulnerability, version 0.4.0, case-utils, unpatched, versions, 0.5.0, 0.14.0, python, function

CVSS3: 2.2 Low

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score: 3.9 Low (Confidence: High)

EPSS: 0.0004 Low (Percentile: 10.5%)

The cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function, cdo_local_uuid.local_uuid(), and its original implementation, case_utils.local_uuid().

CNA Affected

[
  {
    "vendor": "Cyber-Domain-Ontology",
    "product": "CDO-Utility-Local-UUID",
    "versions": [
      {
        "version": "= 0.4.0",
        "status": "affected"
      },
      {
        "version": "= 0.5.0",
        "status": "affected"
      },
      {
        "version": "= 0.6.0",
        "status": "affected"
      },
      {
        "version": "= 0.7.0",
        "status": "affected"
      },
      {
        "version": "= 0.8.0",
        "status": "affected"
      },
      {
        "version": "= 0.9.0",
        "status": "affected"
      },
      {
        "version": "= 0.10.0",
        "status": "affected"
      },
      {
        "version": "= 0.11.0",
        "status": "affected"
      },
      {
        "version": "= 0.12.0",
        "status": "affected"
      }
    ]
  }
]
