Base Score

CRITICAL9.8

CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateJun 02, 2021, 14:15

Affected Versions(1)

github.com/satori/go.uuid(Go)

Introduced1.2.1-0.20180103161547-0ef6afb2f6cd

Fixed1.2.1-0.20180404165556-75cca531ea76

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/satori/go.uuid(Go)	1.2.1-0.20180103161547-0ef6afb2f6cd	1.2.1-0.20180404165556-75cca531ea76	N/A

Weakness Type (CWE):CWE-338

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-338

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH