← voltar
CVE-2022-1252

Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5

CVSS 8.2 HIGHEPSS 0.5%CWE-327
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.2EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 abr 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Produtos afetados
gnuboard · gnuboard/gnuboard5

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://0g.vc/posts/insecure-cipher-gnuboard5/https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb