Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
References
Link | Resource |
---|---|
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 | Patch |
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm | Vendor Advisory |
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md | Vendor Advisory |
https://vulncheck.com/advisories/netflix-lemur-weak-rng | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulnCheck
Published: 2023-04-19T19:10:12.523Z
Updated: 2023-04-19T19:10:12.523Z
Reserved: 2023-04-18T10:31:45.962Z
Link: CVE-2023-30797
NVD Information
Status: Analyzed
Published: 2023-04-19T20:15:12.377
Modified: 2023-05-01T19:55:01.860
Link: CVE-2023-30797
Redhat Information
No data.
CWE