CVE-2023-30797
Lemur subject to insecure random generation
7.5 HIGH (CVSS 3.1)
EPSS 0.34%
Description
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
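The advisory does not quote Lemur's own code, so the following is an added illustration (not Lemur's implementation) of the vulnerability class it describes: a default credential built from Python's seeded `random` PRNG beside the remediated form that draws from the OS CSPRNG via `secrets`, plus a lightweight review check that flags `random` calls for inspection. Function names, the 16-character minimum, and the sample source are assumptions constructed for this example.

```python
import math
import re
import secrets
import string
import random

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def insecure_default_password(length: int = 16) -> str:
    """Pattern to avoid: `random` is a Mersenne Twister seeded PRNG. Its output is
    fully determined by the seed, so credentials built from it are guessable
    whenever the seed (or enough prior output) is known. Kept only for contrast."""
    return "".join(random.choice(ALPHABET) for _ in range(length))


def secure_default_password(length: int = 16) -> str:
    """Remediated pattern: `secrets.choice` draws from the OS CSPRNG.
    The 16-character floor is an assumed policy for this example."""
    if length < 16:
        raise ValueError("default credentials should be at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Guessing resistance of a uniformly drawn credential: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))


# Review check: flag calls into the `random` module so each hit that feeds a
# credential, token or key can be examined and moved to `secrets`.
INSECURE_RNG = re.compile(r"\brandom\.(choice|choices|randint|random|getrandbits|sample)\(")


def find_insecure_rng_calls(source: str) -> list[int]:
    """Return 1-based line numbers of `random.*` calls in a source string."""
    return [n for n, line in enumerate(source.splitlines(), 1) if INSECURE_RNG.search(line)]


# Constructed sample source for the check (not from Lemur).
SAMPLE_SOURCE = """def make_default_user():
    password = ''.join(random.choice(chars) for _ in range(12))
    token = secrets.token_urlsafe(32)
"""

if __name__ == "__main__":
    print("insecure hits at lines:", find_insecure_rng_calls(SAMPLE_SOURCE))
    print("secure default:", secure_default_password(), f"({entropy_bits(16):.1f} bits)")
```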
How to fix CVE-2023-30797
To remediate CVE-2023-30797, upgrade the affected package to one of the fixed versions listed below.
- PyPI/lemur—upgrade to 1.3.2 or later
- —upgrade to 666d853212174ee7f4e6f8b3b4b389ede1872238 or later
Is CVE-2023-30797 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.3.2
- from 0, < 666d853212174ee7f4e6f8b3b4b389ede1872238 | from 0, < 1.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |