CVE-2022-32222 - Vulnerability Details - OpenCVE

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nodejs	Node.js
Siemens	Sinec Ins

Configuration 1 [-]

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:siemens:sinec_ins::::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::
	cpe:2.3:a:siemens:sinec_ins:1.0:sp2::::::

No data.

References

Link	Providers
https://hackerone.com/reports/1695596
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2022-32222
https://www.cve.org/CVERecord?id=CVE-2022-32222

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-07-14T00:00:00

Updated: 2025-04-30T22:24:46.826Z

Reserved: 2022-06-01T00:00:00

Link: CVE-2022-32222

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-14T15:15:08.437

Modified: 2024-11-21T07:05:57.337

Link: CVE-2022-32222

Redhat

Severity : Moderate

Publid Date: 2022-07-08T00:00:00Z

Links: CVE-2022-32222 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32222", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2025-04-30T22:24:46.826Z", "dateReserved": "2022-06-01T00:00:00", "datePublished": "2022-07-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-04-30T22:24:46.826Z"}, "descriptions": [{"lang": "en", "value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."}], "affected": [{"product": "Node", "vendor": "NodeJS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.0", "status": "affected", "lessThan": "4.*"}, {"versionType": "semver", "version": "5.0", "status": "affected", "lessThan": "5.*"}, {"versionType": "semver", "version": "6.0", "status": "affected", "lessThan": "6.*"}, {"versionType": "semver", "version": "7.0", "status": "affected", "lessThan": "7.*"}, {"versionType": "semver", "version": "8.0", "status": "affected", "lessThan": "8.*"}, {"versionType": "semver", "version": "9.0", "status": "affected", "lessThan": "9.*"}, {"versionType": "semver", "version": "10.0", "status": "affected", "lessThan": "10.*"}, {"versionType": "semver", "version": "11.0", "status": "affected", "lessThan": "11.*"}, {"versionType": "semver", "version": "12.0", "status": "affected", "lessThan": "12.*"}, {"versionType": "semver", "version": "13.0", "status": "affected", "lessThan": "13.*"}, {"versionType": "semver", "version": "14.0", "status": "affected", "lessThan": "14.20.0"}, {"versionType": "semver", "version": "15.0", "status": "affected", "lessThan": "15.*"}, {"versionType": "semver", "version": "16.0", "status": "affected", "lessThan": "16.20.0"}, {"versionType": "semver", "version": "17.0", "status": "affected", "lessThan": "17.*"}, {"versionType": "semver", "version": "18.0", "status": "affected", "lessThan": "18.9.1"}]}], "references": [{"url": "https://hackerone.com/reports/1695596"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Cryptographic Issues - Generic (CWE-310)", "cweId": "CWE-310"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.053Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1695596", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "C542B052-1935-4F37-8843-461401EACDCB", "versionEndExcluding": "18.5.0", "versionStartIncluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."}, {"lang": "es", "value": "Se presenta una vulnerabilidad criptogr\u00e1fica en Node.js en linux en versiones 18.x anteriores a 18.40.0, que permit\u00eda una ruta por defecto para openssl.cnf que podr\u00eda ser accesible en algunas circunstancias para un usuario no administrador en lugar de /etc/ssl como era el caso en las versiones anteriores a la actualizaci\u00f3n a OpenSSL 3"}], "id": "CVE-2022-32222", "lastModified": "2024-11-21T07:05:57.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-14T15:15:08.437", "references": [{"source": "support@hackerone.com", "tags": ["Exploit"], "url": "https://hackerone.com/reports/1695596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://hackerone.com/reports/1695596"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Michael Scovetta (OpenSSF Alpha-Omega Project) as the original reporter.", "bugzilla": {"description": "nodejs: potential openssl.cnf hijack", "id": "2105424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105424"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-73", "details": ["A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.", "A vulnerability was found in NodeJS. The issue occurs when Node.js starts on Linux based systems and attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily does not exist. This flaw allows an attacker on some shared systems to create this file and affect the default OpenSSL configuration for other users."], "name": "CVE-2022-32222", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:14/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:16/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:18/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs14-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2022-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32222\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32222\nhttps://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"], "statement": "This issue is specific to the nodejs:v18 stream. This issue is contained within the OpenSSL library bundled upstream. We remove this library during the build and instead, use the one on the system, therefore, this issue does not affect us.", "threat_severity": "Moderate"}