CVE-2024-22194

low-risk
Published 2024-01-11

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.2/10 Low
LOCAL / HIGH complexity

Affected Products (11)

Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Case Python Utilities
Cdo Local Uuid Utility

Affected Vendors

Lfprojects

References (28)

Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1...
Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Exploit https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisor...
Patch https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a...
Patch https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f649...
Patch https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90...
Patch https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec9...
Patch https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14...
Patch https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabb...
Patch https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced...
Patch https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d...
Patch https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e...
Patch https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd9...
Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1...
Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Patch https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Exploit https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisor...
Patch https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a...
Patch https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f649...
and 8 more references
22
/ 100
low-risk
Severity 6/34 · Minimal
Exploitability 0/34 · Minimal
Exposure 16/34 · Moderate