Published: 09/08/2019 Updated: 03/03/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Pallets Werkzeug prior to 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Vulnerable Product	Search on Vulmon	Subscribe to Product
palletsprojects werkzeug
opensuse leap 15.0
opensuse leap 15.1

Debian Bug report logs - #940935 python-werkzeug: CVE-2019-14806 Package: src:python-werkzeug; Maintainer for src:python-werkzeug is Python Modules Packaging Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 22 Sep 2019 08:18:02 UTC Severity: normal T ...

CWE-331 https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246 https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168 https://palletsprojects.com/blog/werkzeug-0-15-3-released/http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-14806

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect