CVE-2019-14806
N/A
N/A
Summary
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/init.py#L168
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
References
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/init.py#L168
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.