CVE-2015-8851
It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier) which does not provide enough entropy (on some platforms it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid.
Find out more about CVE-2015-8851 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:A/AC:M/Au:N/C:P/I:P/A:N |
| Access Vector | Adjacent Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenShift Container Platform 3.2 (atomic-openshift) | RHBA-2016:1343 | 2016-06-27 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections for Red Hat Enterprise Linux | nodejs010-nodejs-node-uuid | Will not fix |
| Red Hat OpenShift Enterprise 3 | nodejs-node-uuid | Will not fix |