CVE-2019-25089

27.12.2022, 12:15

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
VulDB	CNA	3.1 LOW				CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
muon_project	muon	0.1.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f

https://github.com/Morgawr/Muon/issues/4

https://vuldb.com/?ctiid.216877

https://vuldb.com/?id.216877

https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f

https://github.com/Morgawr/Muon/issues/4

https://vuldb.com/?ctiid.216877

https://vuldb.com/?id.216877