1. Home
  2. Vulnerabilities
  3. CVE-2022-32222

CVE-2022-32222

CVSS v3.1 5.3 (Medium)
53% Progress
EPSS 0.06 % (27th)
0.06% Progress
Affected Products 2
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

Weaknesses
CWE-310
Cryptographic Issues
CWE-427
Uncontrolled Search Path Element
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2022-07-14 15:15:08
(2 years ago)
Updated Date
2023-07-24 13:16:33
(14 months ago)

Affected Products

Nodejs

Siemens

Configuration #1

    CPE23 From Up To
  Nodejs Node.js from 18.0.0 version and prior 18.5.0 version cpe:2.3:a:nodejs:node.js >= 18.0.0 < 18.5.0

Configuration #2

    CPE23 From Up To
  Siemens Sinec Ins prior 1.0 version cpe:2.3:a:siemens:sinec_ins < 1.0
  Siemens Sinec Ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:-
  Siemens Sinec Ins 1.0 SP1 cpe:2.3:a:siemens:sinec_ins:1.0:sp1
  Siemens Sinec Ins 1.0 SP2 cpe:2.3:a:siemens:sinec_ins:1.0:sp2