CVE-2022-32222

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Node.js versions 18.x prior to 18.40.0

Description A cryptographic issue exists in Node.js on Linux, where the default path for openssl.cnf might be accessible to a non-admin user under certain circumstances, instead of being located in /etc/ssl as in previous versions before the upgrade to OpenSSL 3.

Recommendations For versions prior to 18.40.0, update to version 18.40.0 or later to resolve the issue.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310CWE-427

Related Identifiers

BIT-NODE-2022-32222

BIT-NODE-MIN-2022-32222

CVE-2022-32222

MGASA-2022-0294

Affected Products

Node.Js

CVE-2022-32222

Weakness Enumeration

Related Identifiers

Affected Products

References · 17