Vulnerability Description
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netflix | Lemur | < 1.3.2 |
Related Weaknesses (CWE)
References
- https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 (Patch)
- https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm (Vendor Advisory)
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-0 (Vendor Advisory)
- https://vulncheck.com/advisories/netflix-lemur-weak-rng (Third Party Advisory)
FAQ
What is CVE-2023-30797?
CVE-2023-30797 is a vulnerability with a CVSS score of 7.5 (HIGH). Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain acces...
How severe is CVE-2023-30797?
CVE-2023-30797 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-30797?
Check the references section above for vendor advisories and patch information. Affected products include: Netflix Lemur.