CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.4.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
References
Configurations

Configuration 1

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*

Information

Published : 2022-07-14 03:15

Updated : 2023-02-23 08:15


NVD link : CVE-2022-32222

Mitre link : CVE-2022-32222

Products Affected
No products.
CWE
CWE-326

Inadequate Encryption Strength