{"containers": {"cna": {"affected": [{"product": "node-uuid", "vendor": "node-uuid", "versions": [{"status": "affected", "version": "before 1.4.4"}]}], "datePublic": "2016-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-30T20:43:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodesecurity.io/advisories/93"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-8851", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "node-uuid", "version": {"version_data": [{"version_value": "before 1.4.4"}]}}]}, "vendor_name": "node-uuid"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d", "refsource": "CONFIRM", "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"name": "https://nodesecurity.io/advisories/93", "refsource": "CONFIRM", "url": "https://nodesecurity.io/advisories/93"}, {"name": "http://www.openwall.com/lists/oss-security/2016/04/13/8", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:22.071Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodesecurity.io/advisories/93"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-8851", "datePublished": "2020-01-30T20:43:26", "dateReserved": "2016-04-13T00:00:00", "dateUpdated": "2024-08-06T08:29:22.071Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:node-uuid_project:node-uuid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "64FB099E-E5F0-4372-95AE-614BB11C3CFC", "versionEndExcluding": "1.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing."}, {"lang": "es", "value": "node-uuid versiones anteriores a 1.4.4, utiliza datos insuficientemente aleatorios para crear un GUID, lo que podr\u00eda facilitar a atacantes tener un impacto no especificado por medio de la adivinaci\u00f3n por fuerza bruta."}], "id": "CVE-2015-8851", "lastModified": "2020-02-05T17:26:43.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-30T21:15:14.653", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/04/13/8"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/93"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2016:1343", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "atomic-openshift-0:3.2.1.1-1.git.0.96f9555.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-06-27T00:00:00Z"}, {"advisory": "RHBA-2016:1343", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "heapster-0:1.1.0-1.beta2.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-06-27T00:00:00Z"}], "bugzilla": {"description": "nodejs-node-uuid: insecure entropy source - Math.random()", "id": "1327056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327056"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-331", "details": ["node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.", "It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier) which does not provide enough entropy (on some platforms it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid."], "name": "CVE-2015-8851", "package_state": [{"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Affected", "package_name": "nodejs010-nodejs-node-uuid", "product_name": "Red Hat Software Collections"}], "public_date": "2016-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8851\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8851\nhttps://nodesecurity.io/advisories/93"], "threat_severity": "Moderate", "upstream_fix": "nodejs-node-uuid 1.4.4"}