Vulnerability Description
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palletsprojects | Werkzeug | < 0.15.3 |
| Opensuse | Leap | 15.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.htmlMailing ListThird Party Advisory
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3Product
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968faPatch
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/Release Notes
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.htmlMailing ListThird Party Advisory
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3Product
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968faPatch
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/Release Notes
FAQ
What is CVE-2019-14806?
CVE-2019-14806 is a vulnerability with a CVSS score of 7.5 (HIGH). Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
How severe is CVE-2019-14806?
CVE-2019-14806 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14806?
Check the references section above for vendor advisories and patch information. Affected products include: Palletsprojects Werkzeug, Opensuse Leap.