CVE-2022-1252 (GCVE-0-2022-1252)
Vulnerability from cvelistv5 – Published: 2022-04-11 10:15 – Updated: 2024-08-02 23:55
VLAI?
Summary
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
Severity ?
8.2 (High)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gnuboard | gnuboard/gnuboard5 |
Affected:
unspecified , ≤ 5.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "gnuboard/gnuboard5",
"vendor": "gnuboard",
"versions": [
{
"lessThanOrEqual": "5.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\u003c/p\u003e"
}
],
"value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:41:17.963Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
],
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
},
"title": "Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1252",
"STATE": "PUBLIC",
"TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in gnuboard/gnuboard5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gnuboard/gnuboard5",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.5.5"
}
]
}
}
]
},
"vendor_name": "gnuboard"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"name": "https://0g.vc/posts/insecure-cipher-gnuboard5/",
"refsource": "MISC",
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
]
},
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1252",
"datePublished": "2022-04-11T10:15:14",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.5.5\", \"matchCriteriaId\": \"B9DCFF7E-1481-4DF1-B851-5B284DA4CC71\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Exposici\\u00f3n de informaci\\u00f3n personal privada a un actor no autorizado en el repositorio de GitHub gnuboard/gnuboard5 anterior a la versi\\u00f3n 5.5.5 inclusive. Una vulnerabilidad en gnuboard v5.5.5 e inferior utiliza algoritmos de cifrado d\\u00e9biles que conducen a la exposici\\u00f3n de informaci\\u00f3n sensible. Esto permite a un atacante obtener la direcci\\u00f3n de correo electr\\u00f3nico de cualquier usuario, incluso cuando la casilla \\\"Permitir que otros vean mi informaci\\u00f3n\\\" est\\u00e1 marcada. O enviar correos electr\\u00f3nicos a cualquier direcci\\u00f3n de correo electr\\u00f3nico, con pleno control de su contenido\"}]",
"id": "CVE-2022-1252",
"lastModified": "2024-11-21T06:40:20.770",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-04-11T11:15:07.943",
"references": "[{\"url\": \"https://0g.vc/posts/insecure-cipher-gnuboard5/\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://0g.vc/posts/insecure-cipher-gnuboard5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1252\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2022-04-11T11:15:07.943\",\"lastModified\":\"2024-11-21T06:40:20.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the \u0027Let others see my information.\u0027 box is ticked off. Or to send emails to any email address, with full control of its contents\\n\\n\"},{\"lang\":\"es\",\"value\":\"Exposici\u00f3n de informaci\u00f3n personal privada a un actor no autorizado en el repositorio de GitHub gnuboard/gnuboard5 anterior a la versi\u00f3n 5.5.5 inclusive. Una vulnerabilidad en gnuboard v5.5.5 e inferior utiliza algoritmos de cifrado d\u00e9biles que conducen a la exposici\u00f3n de informaci\u00f3n sensible. Esto permite a un atacante obtener la direcci\u00f3n de correo electr\u00f3nico de cualquier usuario, incluso cuando la casilla \\\"Permitir que otros vean mi informaci\u00f3n\\\" est\u00e1 marcada. O enviar correos electr\u00f3nicos a cualquier direcci\u00f3n de correo electr\u00f3nico, con pleno control de su contenido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5.5\",\"matchCriteriaId\":\"B9DCFF7E-1481-4DF1-B851-5B284DA4CC71\"}]}]}],\"references\":[{\"url\":\"https://0g.vc/posts/insecure-cipher-gnuboard5/\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://0g.vc/posts/insecure-cipher-gnuboard5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…