Description
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| github.com/Masterminds/goutils | github.com/Masterminds/goutils | unaffected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| OpenShift Service Mesh 2.1 | |||
| servicemesh-0:2.1.6-1.el8 | cpe:/a:redhat:service_mesh:2.1::el8 | RHSA-2023:0540 | 2023-01-30T00:00:00Z |
| servicemesh-operator-0:2.1.6-1.el8 | cpe:/a:redhat:service_mesh:2.1::el8 | RHSA-2023:0540 | 2023-01-30T00:00:00Z |
| Red Hat OpenShift Container Platform 4.10 | |||
| openshift4/ose-cluster-network-operator:v4.10.0-202301310115.p0.gdc0a59a.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:0561 | 2023-02-08T00:00:00Z |
| openshift4/ose-installer:v4.10.0-202302161028.p0.g8862860.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:0899 | 2023-03-01T00:00:00Z |
| openshift4/ose-machine-config-operator:v4.10.0-202303032215.p0.ga21b2b8.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:1154 | 2023-03-16T00:00:00Z |
| openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202303162241.p0.g68b1665.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:1393 | 2023-03-29T00:00:00Z |
| Red Hat OpenShift Container Platform 4.11 | |||
| openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202301191245.p0.g4ffdd2f.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:0565 | 2023-02-07T00:00:00Z |
| openshift4/ose-image-customization-controller-rhel8:v4.11.0-202301252336.p0.ge0e3979.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:0565 | 2023-02-07T00:00:00Z |
| openshift4/ose-machine-config-operator:v4.11.0-202302071115.p0.gc101063.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:0651 | 2023-02-15T00:00:00Z |
| openshift4/ose-installer:v4.11.0-202302130454.p0.g59d1196.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:0774 | 2023-02-21T00:00:00Z |
| openshift4/dpu-network-rhel8-operator:v4.11.0-202302282354.p0.g7183b08.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:1159 | 2023-03-14T00:00:00Z |
| openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.11.0-202303151654.p0.g4695e71.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:1297 | 2023-03-22T00:00:00Z |
| Red Hat OpenShift Container Platform 4.12 | |||
| openshift4/ose-image-customization-controller-rhel8:v4.12.0-202301171655.p0.g27777d0.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:0449 | 2023-01-30T00:00:00Z |
| openshift4/ose-machine-config-operator:v4.12.0-202301262025.p0.ge3dc943.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:0569 | 2023-02-07T00:00:00Z |
| openshift4/ose-installer:v4.12.0-202302080355.p0.gb8d2457.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:0728 | 2023-02-16T00:00:00Z |
| openshift4/dpu-network-rhel8-operator:v4.12.0-202302111028.p0.gb6124a7.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:0770 | 2023-02-20T00:00:00Z |
| openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.12.0-202303081941.p0.gc56075a.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:1270 | 2023-03-21T00:00:00Z |
| Red Hat OpenShift Container Platform 4.13 | |||
| openshift4/ose-image-customization-controller-rhel8:v4.13.0-202304260928.p0.g8765166.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
| openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
| openshift4/ose-machine-config-operator:v4.13.0-202304251516.p0.g70aa0a5.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
| Red Hat OpenShift Container Platform 4.9 | |||
| openshift4/ose-cluster-network-operator:v4.9.0-202301301454.p0.gbb98961.assembly.stream | cpe:/a:redhat:openshift:4.9::el8 | RHSA-2023:0574 | 2023-02-13T00:00:00Z |
| Red Hat OpenShift GitOps 1.5 | |||
| openshift-gitops-1/applicationset-rhel8:v1.5.10-6 | cpe:/a:redhat:openshift_gitops:1.5::el8 | RHSA-2023:0804 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/argocd-rhel8:v1.5.10-6 | cpe:/a:redhat:openshift_gitops:1.5::el8 | RHSA-2023:0804 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/dex-rhel8:v1.5.10-6 | cpe:/a:redhat:openshift_gitops:1.5::el8 | RHSA-2023:0804 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/gitops-rhel8-operator:v1.5.10-6 | cpe:/a:redhat:openshift_gitops:1.5::el8 | RHSA-2023:0804 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/kam-delivery-rhel8:v1.5.10-6 | cpe:/a:redhat:openshift_gitops:1.5::el8 | RHSA-2023:0804 | 2023-02-17T00:00:00Z |
| Red Hat OpenShift GitOps 1.6 | |||
| openshift-gitops-1/argocd-rhel8:v1.6.5-5 | cpe:/a:redhat:openshift_gitops:1.6::el8 | RHSA-2023:0802 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/dex-rhel8:v1.6.5-5 | cpe:/a:redhat:openshift_gitops:1.6::el8 | RHSA-2023:0802 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/gitops-rhel8-operator:v1.6.5-5 | cpe:/a:redhat:openshift_gitops:1.6::el8 | RHSA-2023:0802 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/kam-delivery-rhel8:v1.6.5-5 | cpe:/a:redhat:openshift_gitops:1.6::el8 | RHSA-2023:0802 | 2023-02-17T00:00:00Z |
| Red Hat OpenShift GitOps 1.7 | |||
| openshift-gitops-1/argocd-rhel8:v1.7.2-5 | cpe:/a:redhat:openshift_gitops:1.7::el8 | RHSA-2023:0803 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/dex-rhel8:v1.7.2-5 | cpe:/a:redhat:openshift_gitops:1.7::el8 | RHSA-2023:0803 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/gitops-rhel8-operator:v1.7.2-5 | cpe:/a:redhat:openshift_gitops:1.7::el8 | RHSA-2023:0803 | 2023-02-17T00:00:00Z |
| openshift-gitops-1/kam-delivery-rhel8:v1.7.2-5 | cpe:/a:redhat:openshift_gitops:1.7::el8 | RHSA-2023:0803 | 2023-02-17T00:00:00Z |
| Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | |||
| openshift-service-mesh/istio-rhel8-operator:2.3.1-10 | cpe:/a:redhat:service_mesh:2.3::el8 | RHSA-2023:0542 | 2023-01-30T00:00:00Z |
| RHODF-4.12-RHEL-8 | |||
| odf4/mcg-rhel8-operator:v4.12.1-4 | cpe:/a:redhat:openshift_data_foundation:4.12::el8 | RHSA-2023:1170 | 2023-03-08T00:00:00Z |
| RHODF-4.13-RHEL-9 | |||
| odf4/mcg-rhel9-operator:v4.13.0-41 | cpe:/a:redhat:openshift_data_foundation:4.13::el9 | RHSA-2023:3742 | 2023-06-21T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-7482 | Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. |
 Github GHSA |
GHSA-3839-6r69-m497 | GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected |
| Github GHSA |
GHSA-xg2h-wx96-xgxr | RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be |
References
History
Fri, 11 Apr 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Go
Published:
Updated: 2025-04-11T16:17:46.299Z
Reserved: 2022-07-29T19:56:49.058Z
Link: CVE-2021-4238
Vulnrichment
Updated: 2024-08-03T17:23:10.165Z
NVD
Status : Modified
Published: 2022-12-27T22:15:12.073
Modified: 2025-04-11T17:15:35.883
Link: CVE-2021-4238
Redhat
OpenCVE Enrichment
No data.
Weaknesses