CVE-2022-1252
Last modified
CVE-2022-1252 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sir | Gnuboard | <= 5.5.5 |
References
- https://0g.vc/posts/insecure-cipher-gnuboard5/Exploit, Third Party Advisory
- https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebbExploit, Third Party Advisory
- https://0g.vc/posts/insecure-cipher-gnuboard5/Exploit, Third Party Advisory
- https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebbExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-1252?
How severe is CVE-2022-1252?
How do I fix CVE-2022-1252?
Are you affected by CVE-2022-1252?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST