cve/2024/CVE-2024-22194.md

### [CVE-2024-22194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22194)
![](https://img.shields.io/static/v1?label=Product&message=CDO-Utility-Local-UUID&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%200.4.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-215%3A%20Insertion%20of%20Sensitive%20Information%20Into%20Debugging%20Code&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-337%3A%20Predictable%20Seed%20in%20Pseudo-Random%20Number%20Generator%20(PRNG)&color=brighgreen)

### Description

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. 

### POC

#### Reference
- https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d
- https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d

#### Github
No PoCs found on GitHub currently.