Nixpkgs security tracker

Permalink CVE-2023-30797

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

References

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisory
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patch
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisory
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisoryx_transferred
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patchx_transferred
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisoryx_transferred
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisoryx_transferred
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisory
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patch
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisory
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisoryx_transferred
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patchx_transferred
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisoryx_transferred
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisoryx_transferred
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisory
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patch
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisory
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisoryx_transferred
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patchx_transferred
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisoryx_transferred
https://vulncheck.com/advisories/netflix-lemur-weak-rng third-party-advisoryx_transferred

Affected products

lemur

<<1.3.2

Matching in nixpkgs

pkgs.lemurs

Customizable TUI display/login manager written in Rust

nixos-unstable 0.3.2
- nixpkgs-unstable 0.3.2
- nixos-unstable-small 0.3.2

Package maintainers

@JeremiahSecrist Jeremiah Secrist <jeremiah@secrist.xyz>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.lemurs

Package maintainers