CVE-2023-30797

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-30797

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30797.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-30797

Aliases

Related

GHSA-5fqv-mpj8-h7gm

Published

2023-04-19T20:15:12Z

Modified

2025-02-05T18:48:22.315057Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

References

Affected packages

Git / github.com/netflix/lemur

Affected ranges

Type: GIT
Repo: https://github.com/netflix/lemur
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

666d853212174ee7f4e6f8b3b4b389ede1872238

Fixed

666d853212174ee7f4e6f8b3b4b389ede1872238

Affected versions

0.*

0.1

0.1.2

0.1.3

0.1.4

0.1.5

0.2

0.2.1

0.2.2

0.3.0

0.4.0

0.5.0

0.5.1

0.6.0

0.7.0

0.8.0

v0.*

v0.10.0

v0.11.0

v0.8.1

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.3.0

v1.3.1