CVE-2024-45719

CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1

Vendor Apache Software Foundation

Product Apache Answer

Weakness CWE-326 · Weak encryption

Published November 22, 2024

Last update November 22, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

Key dates

Disclosure timeline

November 22, 2024 CVE published

November 22, 2024 Record updated