CVE-2022-1252

Name of the Vulnerable Software and Affected Versions gnuboard/gnuboard5 versions prior to and including 5.5.5

Description The issue concerns the use of a broken or risky cryptographic algorithm, leading to exposure of sensitive information. This allows an attacker to derive the email address of any user, even when the 'Let others see my information.' box is unticked, and to send emails to any email address with full control over the contents.

Recommendations For versions prior to and including 5.5.5, update to a version later than 5.5.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.