SB2022111521 - SUSE update for python-Werkzeug
Published: November 15, 2022
Security Bulletin ID
SB2022111521
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient Entropy (CVE-ID: CVE-2019-14806)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Remediation
Install update from vendor's website.