CVE-2022-32222 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-32222

CVE-2022-32222

July 14, 2022

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

Related Resources (6)

https://security.netapp.com/advisory/ntap-20220915-0001/

https://github.com/nodejs/node/commit/46093c45e2202ca11a7db8d5613507d92e629e14

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

https://hackerone.com/reports/1695596

https://security.alpinelinux.org/vuln/CVE-2022-32222

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Uncontrolled Search Path Element

CWE-427

EPSS

Base Score:

0.39

Products

Solutions

Resources

Company

Compare

Developer Tools