#VU30827 Insufficient Entropy in Werkzeug - CVE-2019-14806

 


Published: August 9, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30827
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-14806
CWE-ID: CWE-331
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Werkzeug
Software vendor: The Pallets Projects

Description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.


Remediation

Install the update from the vendor's website.
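
A deployment check for the condition in the description, added here as an example and not taken from the advisory or from Werkzeug: it flags an install older than 0.15.3 that runs inside Docker with the debugger enabled. The function names, the Docker detection heuristics and the use of `FLASK_DEBUG` as a debugger hint are assumptions.

```python
import os
import re
from importlib import metadata

FIXED = (0, 15, 3)  # per the advisory: Werkzeug before 0.15.3 is affected


def parse_version(text):
    """Return the numeric release part of a version string as a 3-tuple."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected_version(text):
    # Suffixes such as "rc1" are ignored, so a 0.15.3 pre-release reads as fixed.
    return parse_version(text) < FIXED


def looks_like_docker(dockerenv_exists, cgroup_text):
    """Heuristic (assumption): /.dockerenv marker or 'docker' in the cgroup path."""
    return bool(dockerenv_exists) or "docker" in cgroup_text


def assess(version, in_docker, debugger_enabled):
    """Classify one deployment: 'patched', 'exposed', or 'upgrade'."""
    if not is_affected_version(version):
        return "patched"
    # The advisory's condition: affected version, debugger in use, inside Docker.
    if in_docker and debugger_enabled:
        return "exposed"
    return "upgrade"


if __name__ == "__main__":
    try:
        with open("/proc/self/cgroup") as handle:
            cgroup = handle.read()
    except OSError:
        cgroup = ""
    in_docker = looks_like_docker(os.path.exists("/.dockerenv"), cgroup)
    # Assumption: FLASK_DEBUG is used as a hint that the debugger is on; an app
    # can also enable it in code, so confirm against the app's configuration.
    debug = os.environ.get("FLASK_DEBUG", "").lower() in ("1", "true")
    try:
        print(assess(metadata.version("werkzeug"), in_docker, debug))
    except metadata.PackageNotFoundError:
        print("werkzeug not installed")
```

A result of `upgrade` means the installed version is affected even though the Docker-plus-debugger condition was not detected on this host.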
