CVE-2024-22194 LOW

CVE-2024-22194: cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

Vendor: Cyber-Domain-Ontology
Product: CDO-Utility-Local-UUID
Weakness: CWE-215
Published: January 11, 2024
Last update: June 3, 2025

CVSS base score

2.2/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The `cdo-local-uuid` project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation, `case_utils.local_uuid()`.

Key dates

02 Disclosure timeline

January 11, 2024: CVE published
June 3, 2025: Record updated