CVE-2021-3538 - A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099

CVE-2021-3538

Summary

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1954376
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
https://github.com/satori/go.uuid/issues/73

Vulnerable Configurations

cpe:2.3:a:go.uuid_project:go.uuid:*:*:*:*:*:*:*:*
cpe:2.3:a:go.uuid_project:go.uuid:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-06-2021 - 13:37)
Impact:
Exploitability:

CWE

CWE-338

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

14-06-2021 - 13:37

Published

02-06-2021 - 14:15

Last modified

14-06-2021 - 13:37