Vulnerability Details : CVE-2023-30797
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
Products affected by CVE-2023-30797
- cpe:2.3:a:netflix:lemur:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30797
0.18%: probability of exploitation activity in the next 30 days
~55%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | VulnCheck | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-30797
- The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
  Assigned by:
  - disclosure@vulncheck.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-30797
- https://vulncheck.com/advisories/netflix-lemur-weak-rng
  Insecure random generation in Netflix Lemur python app | VulnCheck Advisories (Third Party Advisory)
- https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238
  Merge pull request from GHSA-5fqv-mpj8-h7gm · Netflix/lemur@666d853 · GitHub (Patch)
- https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm
  NFLX-2023-001 Insecure random generation · Advisory · Netflix/lemur · GitHub (Vendor Advisory)
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md
  security-bulletins/nflx-2023-001.md at master · Netflix/security-bulletins · GitHub (Vendor Advisory)