Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ac61-9a1c-pkac
Vulnerability ID VCID-ac61-9a1c-pkac
Aliases CVE-2023-30797
GHSA-5fqv-mpj8-h7gm
GMS-2023-540
PYSEC-2023-20
Summary Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-330 Use of Insufficiently Random Values
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/Netflix/lemur
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238
https://github.com/Netflix/lemur/issues/3888
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md
https://github.com/pypa/advisory-database/tree/main/vulns/lemur/PYSEC-2023-20.yaml
https://vulncheck.com/advisories/netflix-lemur-weak-rng
CVE-2023-30797 https://nvd.nist.gov/vuln/detail/CVE-2023-30797
GHSA-5fqv-mpj8-h7gm https://github.com/advisories/GHSA-5fqv-mpj8-h7gm
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:18:36.988982+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/lemur/PYSEC-2023-20.yaml 38.6.0