CVE-2024-45719Inadequate Encryption Strength in Apache Incubator-answer

CWE-326Inadequate Encryption Strength5 documents4 sources
Severity
2.6LOWNVD
EPSS
0.1%
top 74.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Apache Incubator-answerApache AnswerApache Software Foundation Apache Answer
Timeline
PublishedNov 22
Latest updateNov 27

Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages3 packages

NVDapache/answer< 1.4.1

🔴Vulnerability Details

4
OSV
Apache Answer: Predictable Authorization Token Using UUIDv1 in github.com/apache/incubator-answer2024-11-27
GHSA
Apache Answer: Predictable Authorization Token Using UUIDv12024-11-22
CVEList
Apache Answer: Predictable Authorization Token Using UUIDv12024-11-22
OSV
Apache Answer: Predictable Authorization Token Using UUIDv12024-11-22
CVE-2024-45719 — Inadequate Encryption Strength | cvebase