CVE Vulnerability

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246 Patch Third Party Advisory
https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168 Third Party Advisory
https://palletsprojects.com/blog/werkzeug-0-15-3-released/ Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
Configurations

Configuration 1

cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
Information

Published : 2019-08-09 03:15

Updated : 2019-09-11 12:15

NVD link : CVE-2019-14806

Mitre link : CVE-2019-14806

Products Affected

Palletsprojects

Werkzeug

CWE
CWE-331

Insufficient Entropy