CVE-2022-1252 - OpenCVE

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sir	Gnuboard

Configuration 1 [-]

cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://0g.vc/posts/insecure-cipher-gnuboard5/
https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb

History

Thu, 19 Sep 2024 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sir Sir gnuboard
CPEs	cpe:2.3:a:gnuboard:gnuboard5::::::::	cpe:2.3:a:sir:gnuboard::::::::
Vendors & Products	Gnuboard Gnuboard gnuboard5	Sir Sir gnuboard

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-11T10:15:14

Updated: 2024-08-02T23:55:24.553Z

Reserved: 2022-04-06T00:00:00

Link: CVE-2022-1252

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-11T11:15:07.943

Modified: 2024-09-19T11:44:30.770

Link: CVE-2022-1252

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "gnuboard/gnuboard5", "vendor": "gnuboard", "versions": [{"lessThanOrEqual": "5.5.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents</p>"}], "value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-08-02T08:41:17.963Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"}, {"tags": ["x_refsource_MISC"], "url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"}], "source": {"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", "discovery": "EXTERNAL"}, "title": "Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1252", "STATE": "PUBLIC", "TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in gnuboard/gnuboard5"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gnuboard/gnuboard5", "version": {"version_data": [{"version_affected": "<=", "version_value": "5.5.5"}]}}]}, "vendor_name": "gnuboard"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"}, {"name": "https://0g.vc/posts/insecure-cipher-gnuboard5/", "refsource": "MISC", "url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"}]}, "source": {"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.553Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1252", "datePublished": "2022-04-11T10:15:14", "dateReserved": "2022-04-06T00:00:00", "dateUpdated": "2024-08-02T23:55:24.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sir:gnuboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9DCFF7E-1481-4DF1-B851-5B284DA4CC71", "versionEndIncluding": "5.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"}, {"lang": "es", "value": "Exposici\u00f3n de informaci\u00f3n personal privada a un actor no autorizado en el repositorio de GitHub gnuboard/gnuboard5 anterior a la versi\u00f3n 5.5.5 inclusive. Una vulnerabilidad en gnuboard v5.5.5 e inferior utiliza algoritmos de cifrado d\u00e9biles que conducen a la exposici\u00f3n de informaci\u00f3n sensible. Esto permite a un atacante obtener la direcci\u00f3n de correo electr\u00f3nico de cualquier usuario, incluso cuando la casilla \"Permitir que otros vean mi informaci\u00f3n\" est\u00e1 marcada. O enviar correos electr\u00f3nicos a cualquier direcci\u00f3n de correo electr\u00f3nico, con pleno control de su contenido"}], "id": "CVE-2022-1252", "lastModified": "2024-09-19T11:44:30.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2022-04-11T11:15:07.943", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Secondary"}]}