CVE-2024-22194
CVSS 3.1 Score 2.8 of 10 (low)
Details
Published Jan 11, 2024
Updated: Jan 19, 2024
CWE ID 337
CWE ID 215
Summary
CVE-2024-22194 is a newly disclosed vulnerability affecting the `cdo-local-uuid` and `case-utils` projects. Both provide UUID-generating functions. Version 0.4.0 of `cdo-local-uuid` and unpatched versions of `case-utils` (0.x.0, since 0.5.0, before 0.15.0) have an information leakage issue. The problem lies in the `local_uuid()` function in both projects, which can generate deterministic UUIDs upon user request. Consequently, an attacker could potentially deduce sensitive information by analyzing the generated UUIDs.
Affected Vendors
- LF Projects, LLC