CVE-2021-4238 - Vulnerability Details

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00281.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Goutils Project	Goutils
Redhat	Openshift Openshift Data Foundation Openshift Gitops Service Mesh

Configuration 1 [-]

cpe:2.3:a:goutils_project:goutils:*:*:*:*:*:go:*:*

Package	CPE	Advisory	Released Date
OpenShift Service Mesh 2.1
servicemesh-0:2.1.6-1.el8	cpe:/a:redhat:service_mesh:2.1::el8	RHSA-2023:0540	2023-01-30T00:00:00Z
servicemesh-operator-0:2.1.6-1.el8	cpe:/a:redhat:service_mesh:2.1::el8	RHSA-2023:0540	2023-01-30T00:00:00Z
Red Hat OpenShift Container Platform 4.10
openshift4/ose-cluster-network-operator:v4.10.0-202301310115.p0.gdc0a59a.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:0561	2023-02-08T00:00:00Z
openshift4/ose-installer:v4.10.0-202302161028.p0.g8862860.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:0899	2023-03-01T00:00:00Z
openshift4/ose-machine-config-operator:v4.10.0-202303032215.p0.ga21b2b8.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1154	2023-03-16T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202303162241.p0.g68b1665.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:1393	2023-03-29T00:00:00Z
Red Hat OpenShift Container Platform 4.11
openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202301191245.p0.g4ffdd2f.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0565	2023-02-07T00:00:00Z
openshift4/ose-image-customization-controller-rhel8:v4.11.0-202301252336.p0.ge0e3979.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0565	2023-02-07T00:00:00Z
openshift4/ose-machine-config-operator:v4.11.0-202302071115.p0.gc101063.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0651	2023-02-15T00:00:00Z
openshift4/ose-installer:v4.11.0-202302130454.p0.g59d1196.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:0774	2023-02-21T00:00:00Z
openshift4/dpu-network-rhel8-operator:v4.11.0-202302282354.p0.g7183b08.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1159	2023-03-14T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.11.0-202303151654.p0.g4695e71.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2023:1297	2023-03-22T00:00:00Z
Red Hat OpenShift Container Platform 4.12
openshift4/ose-image-customization-controller-rhel8:v4.12.0-202301171655.p0.g27777d0.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0449	2023-01-30T00:00:00Z
openshift4/ose-machine-config-operator:v4.12.0-202301262025.p0.ge3dc943.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0569	2023-02-07T00:00:00Z
openshift4/ose-installer:v4.12.0-202302080355.p0.gb8d2457.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0728	2023-02-16T00:00:00Z
openshift4/dpu-network-rhel8-operator:v4.12.0-202302111028.p0.gb6124a7.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:0770	2023-02-20T00:00:00Z
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.12.0-202303081941.p0.gc56075a.assembly.stream	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:1270	2023-03-21T00:00:00Z
Red Hat OpenShift Container Platform 4.13
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202304260928.p0.g8765166.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
openshift4/ose-machine-config-operator:v4.13.0-202304251516.p0.g70aa0a5.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1326	2023-05-17T00:00:00Z
Red Hat OpenShift Container Platform 4.9
openshift4/ose-cluster-network-operator:v4.9.0-202301301454.p0.gbb98961.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2023:0574	2023-02-13T00:00:00Z
Red Hat OpenShift GitOps 1.5
openshift-gitops-1/applicationset-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/argocd-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.5.10-6	cpe:/a:redhat:openshift_gitops:1.5::el8	RHSA-2023:0804	2023-02-17T00:00:00Z
Red Hat OpenShift GitOps 1.6
openshift-gitops-1/argocd-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.6.5-5	cpe:/a:redhat:openshift_gitops:1.6::el8	RHSA-2023:0802	2023-02-17T00:00:00Z
Red Hat OpenShift GitOps 1.7
openshift-gitops-1/argocd-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.7.2-5	cpe:/a:redhat:openshift_gitops:1.7::el8	RHSA-2023:0803	2023-02-17T00:00:00Z
Red Hat OpenShift Service Mesh 2.3 for RHEL 8
openshift-service-mesh/istio-rhel8-operator:2.3.1-10	cpe:/a:redhat:service_mesh:2.3::el8	RHSA-2023:0542	2023-01-30T00:00:00Z
RHODF-4.12-RHEL-8
odf4/mcg-rhel8-operator:v4.12.1-4	cpe:/a:redhat:openshift_data_foundation:4.12::el8	RHSA-2023:1170	2023-03-08T00:00:00Z
RHODF-4.13-RHEL-9
odf4/mcg-rhel9-operator:v4.13.0-41	cpe:/a:redhat:openshift_data_foundation:4.13::el9	RHSA-2023:3742	2023-06-21T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
https://github.com/advisories/GHSA-3839-6r69-m497
https://nvd.nist.gov/vuln/detail/CVE-2021-4238
https://pkg.go.dev/vuln/GO-2022-0411
https://www.cve.org/CVERecord?id=CVE-2021-4238

History

Fri, 11 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-12-27T21:13:50.373Z

Updated: 2025-04-11T16:17:46.299Z

Reserved: 2022-07-29T19:56:49.058Z

Link: CVE-2021-4238

Vulnrichment

Updated: 2024-08-03T17:23:10.165Z

NVD

Status : Modified

Published: 2022-12-27T22:15:12.073

Modified: 2025-04-11T17:15:35.883

Link: CVE-2021-4238

Redhat

Severity : Important

Publid Date: 2022-12-27T00:00:00Z

Links: CVE-2021-4238 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object