CVE-2019-14806 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Affected Products (NVD)

Vendor	Product	Version
palletsprojects	werkzeug	𝑥 < 0.15.3
opensuse	leap	15.0
opensuse	leap	15.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-werkzeug

bookworm	2.2.2-3 fixed
bullseye	1.0.1+dfsg1-2+deb11u1 fixed
bullseye (security)	1.0.1+dfsg1-2+deb11u1 fixed
jessie	not-affected
sid	3.0.4-1 fixed
trixie	3.0.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-werkzeug

bionic	Fixed 0.14.1+dfsg1-1ubuntu0.1 released
disco	ignored
eoan	ignored
focal	not-affected
groovy	not-affected
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-331 - Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html

https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168

https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246

https://palletsprojects.com/blog/werkzeug-0-15-3-released/

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html

https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168

https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246

https://palletsprojects.com/blog/werkzeug-0-15-3-released/