Lucene search

GoogleOSV:CVE-2023-30797

HistoryApr 19, 2023 - 8:15 p.m.

CVE-2023-30797

2023-04-1920:15:12

Google

osv.dev

netflix

lemur

credentials

security

vulnerability

attack

resources

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

CPENameOperatorVersion
lemureq1.1.0
lemureq0.3.0
lemureq0.4.0
lemureq1.3.0
lemureq1.2.0
lemureq0.1.3
lemureq0.10.0
lemureq0.2
lemureq1.3.1
lemureq0.2.1

Name	Operator	Version
lemur	eq	1.1.0
lemur	eq	0.3.0
lemur	eq	0.4.0
lemur	eq	1.3.0
lemur	eq	1.2.0
lemur	eq	0.1.3
lemur	eq	0.10.0
lemur	eq	0.2
lemur	eq	1.3.1
lemur	eq	0.2.1

Rows per page:

1-10 of 241

References

github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238

github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm

github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md

vulncheck.com/advisories/netflix-lemur-weak-rng

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for OSV:CVE-2023-30797