CVE-2022-1252

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents

Ссылки

https://0g.vc/posts/insecure-cipher-gnuboard5/
Exploit
Third Party Advisory
https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb
Exploit
Third Party Advisory
https://0g.vc/posts/insecure-cipher-gnuboard5/
Exploit
Third Party Advisory
https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*

Версия до 5.5.5 (включая)

EPSS

Процентиль: 42%

0.00199

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-5f4g-m368-xv75

CVSS3: 7.5

github

почти 4 года назад

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.

EPSS

Процентиль: 42%

0.00199

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-327