CVE-2019-14806
Aliases:GHSA-gq9m-qvpx-68hcPYSEC-2019-140
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 09 Aug 2019, 14:29
Last modified:05 Aug 2024, 00:26
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.26% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Aug 2019, 14:29
Published
Vulnerability first disclosed
05 Aug 2024, 00:26
Last Modified
Vulnerability information updated
Description
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVSS Metrics
- v4.0•HIGH•Score: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.26%• Percentile: 49%
Techniques & Countermeasures
- CWE-331•Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Affected Systems
- opensuse•leap
15.0 | 15.1
- palletsprojects•werkzeug
< 0.15.3
- PyPI•werkzeug
< 00bc43b1672e662e5e3b8cecd79e67fc968fa246 | < 0.15.3
References (10)
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-14806
- https://github.com/pallets/werkzeug
- https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml
- https://palletsprojects.com/blog/werkzeug-0-15-3-released
- https://github.com/advisories/GHSA-gq9m-qvpx-68hc