Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-22194

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-11 Jan, 2024 | 02:21
Updated At-03 Jun, 2025 | 14:25
Rejected At-
Credits

cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:11 Jan, 2024 | 02:21
Updated At:03 Jun, 2025 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

Affected Products
Vendor
Cyber-Domain-Ontology
Product
CDO-Utility-Local-UUID
Versions
Affected
  • = 0.4.0
  • = 0.5.0
  • = 0.6.0
  • = 0.7.0
  • = 0.8.0
  • = 0.9.0
  • = 0.10.0
  • = 0.11.0
  • = 0.12.0
Problem Types
TypeCWE IDDescription
CWECWE-215CWE-215: Insertion of Sensitive Information Into Debugging Code
CWECWE-337CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
Type: CWE
CWE ID: CWE-215
Description: CWE-215: Insertion of Sensitive Information Into Debugging Code
Type: CWE
CWE ID: CWE-337
Description: CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
Metrics
VersionBase scoreBase severityVector
3.12.2LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 2.2
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
x_refsource_CONFIRM
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
x_refsource_MISC
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
x_refsource_MISC
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
x_refsource_MISC
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
x_refsource_MISC
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Resource:
x_refsource_MISC
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Resource:
x_refsource_MISC
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
Resource:
x_refsource_MISC
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
x_refsource_CONFIRM
x_transferred
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
x_refsource_MISC
x_transferred
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
x_refsource_MISC
x_transferred
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
x_refsource_MISC
x_transferred
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:11 Jan, 2024 | 03:15
Updated At:19 Jan, 2024 | 19:03

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.12.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Secondary3.12.2LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 2.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 2.2
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CPE Matches
lfprojects
lfprojects
>>case_python_utilities>>0.5.0
cpe:2.3:a:lfprojects:case_python_utilities:0.5.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.6.0
cpe:2.3:a:lfprojects:case_python_utilities:0.6.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.7.0
cpe:2.3:a:lfprojects:case_python_utilities:0.7.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.8.0
cpe:2.3:a:lfprojects:case_python_utilities:0.8.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.9.0
cpe:2.3:a:lfprojects:case_python_utilities:0.9.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.10.0
cpe:2.3:a:lfprojects:case_python_utilities:0.10.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.11.0
cpe:2.3:a:lfprojects:case_python_utilities:0.11.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.12.0
cpe:2.3:a:lfprojects:case_python_utilities:0.12.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.13.0
cpe:2.3:a:lfprojects:case_python_utilities:0.13.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>case_python_utilities>>0.14.0
cpe:2.3:a:lfprojects:case_python_utilities:0.14.0:*:*:*:*:python:*:*
lfprojects
lfprojects
>>cdo_local_uuid_utility>>0.4.0
cpe:2.3:a:lfprojects:cdo_local_uuid_utility:0.4.0:*:*:*:*:python:*:*
Weaknesses
CWE IDTypeSource
CWE-215Primarysecurity-advisories@github.com
CWE-337Primarysecurity-advisories@github.com
CWE ID: CWE-215
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-337
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235security-advisories@github.com
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3security-advisories@github.com
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4security-advisories@github.com
Patch
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882security-advisories@github.com
Exploit
Mitigation
Third Party Advisory
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6bsecurity-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9dsecurity-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452security-advisories@github.com
Patch
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509security-advisories@github.com
Patch
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882
Source: security-advisories@github.com
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509
Source: security-advisories@github.com
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found