High severity · NVD Advisory · Published Apr 19, 2023 · Updated Nov 21, 2025
Insecure Random Generation in Netflix Lemur
CVE-2023-30797
Description
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lemur (PyPI) | < 1.3.2 | 1.3.2 |
References
- github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 (ghsa, patch, WEB)
- github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm (ghsa, vendor-advisory, WEB)
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md (ghsa, vendor-advisory, WEB)
- github.com/advisories/GHSA-5fqv-mpj8-h7gm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-30797 (ghsa, ADVISORY)
- vulncheck.com/advisories/netflix-lemur-weak-rng (ghsa, third-party-advisory, WEB)
- github.com/Netflix/lemur/issues/3888 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/lemur/PYSEC-2023-20.yaml (ghsa, WEB)