CVE-2024-22194

Description

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function, cdo_local_uuid.local_uuid(), and its original implementation case_utils.local_uuid().

CVSS Version 3.1

nvd
CVE ID: CVE-2024-22194
Base Score: 2.8
Base Severity: LOW
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 1.3

github
CVE ID: CVE-2024-22194
Base Score: 2.2
Base Severity: LOW
Vector String:CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 0.8

Refrence: NVD MITRE

Description​

Description