Vulnerability Details CVE-2015-7764
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2015/10/20/3
- https://github.com/Netflix/lemur/issues/117
- https://github.com/kvesteri/sqlalchemy-utils/issues/166
- http://www.openwall.com/lists/oss-security/2015/10/20/3
- https://github.com/Netflix/lemur/issues/117
- https://github.com/kvesteri/sqlalchemy-utils/issues/166