{"containers": {"cna": {"affected": [{"product": "node-uuid", "vendor": "node-uuid", "versions": [{"status": "affected", "version": "before 1.4.4"}]}], "datePublic": "2016-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-30T20:43:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodesecurity.io/advisories/93"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2015-8851", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "node-uuid", "version": {"version_data": [{"version_value": "before 1.4.4"}]}}]}, "vendor_name": "node-uuid"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "refsource": "CONFIRM", "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"name": "https://nodesecurity.io/advisories/93", "refsource": "CONFIRM", "url": "https://nodesecurity.io/advisories/93"}, {"name": "http://www.openwall.com/lists/oss-security/2016/04/13/8", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:22.071Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodesecurity.io/advisories/93"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8851", "datePublished": "2020-01-30T20:43:26", "dateReserved": "2016-04-13T00:00:00", "dateUpdated": "2024-08-06T08:29:22.071Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:node-uuid_project:node-uuid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "64FB099E-E5F0-4372-95AE-614BB11C3CFC", "versionEndExcluding": "1.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}, {"lang": "es", "value": "node-uuid versiones anteriores a 1.4.4, utiliza datos insuficientemente aleatorios para crear un GUID, lo que podr\u00eda facilitar a atacantes tener un impacto no especificado por medio de la adivinaci\u00f3n por fuerza bruta."}], "id": "CVE-2015-8851", "lastModified": "2024-11-21T02:39:18.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2020-01-30T21:15:14.653", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/93"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/93"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2016:1343", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "atomic-openshift-0:3.2.1.1-1.git.0.96f9555.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-06-27T00:00:00Z"}, {"advisory": "RHBA-2016:1343", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "heapster-0:1.1.0-1.beta2.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-06-27T00:00:00Z"}], "bugzilla": {"description": "nodejs-node-uuid: insecure entropy source - Math.random()", "id": "1327056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-331", "details": ["node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.", "It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier) which does not provide enough entropy (on some platforms it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid."], "name": "CVE-2015-8851", "package_state": [{"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Affected", "package_name": "nodejs010-nodejs-node-uuid", "product_name": "Red Hat Software Collections"}], "public_date": "2016-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8851\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8851\nhttps://nodesecurity.io/advisories/93"], "threat_severity": "Moderate", "upstream_fix": "nodejs-node-uuid 1.4.4"}