CVE-2022-31183 - Vulnerability Details

Vendors	Products
Typelevel	Fs2

Link	Providers
https://github.com/nodejs/node/issues/43994
https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207
https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35

{"containers": {"cna": {"affected": [{"product": "fs2", "vendor": "typelevel", "versions": [{"status": "affected", "version": ">= 3.1.0, < 3.2.11"}]}], "descriptions": [{"lang": "en", "value": "fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T19:50:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nodejs/node/issues/43994"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"}], "source": {"advisory": "GHSA-2cpx-6pqp-wf35", "discovery": "UNKNOWN"}, "title": "mTLS client verification is skipped in fs2 on Node.js", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31183", "STATE": "PUBLIC", "TITLE": "mTLS client verification is skipped in fs2 on Node.js"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "fs2", "version": {"version_data": [{"version_value": ">= 3.1.0, < 3.2.11"}]}}]}, "vendor_name": "typelevel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295: Improper Certificate Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35", "refsource": "CONFIRM", "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"}, {"name": "https://github.com/nodejs/node/issues/43994", "refsource": "MISC", "url": "https://github.com/nodejs/node/issues/43994"}, {"name": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207", "refsource": "MISC", "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"}]}, "source": {"advisory": "GHSA-2cpx-6pqp-wf35", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.653Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nodejs/node/issues/43994"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31183", "datePublished": "2022-08-01T19:50:11", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.653Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typelevel:fs2:*:*:*:*:*:*:*:*", "matchCriteriaId": "750D10F3-1FF8-4173-A44A-ACDE06641472", "versionEndExcluding": "3.2.11", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection."}, {"lang": "es", "value": "fs2 es una librer\u00eda de E/S de composici\u00f3n para Scala. Cuando es establecido un \"TLSSocket\" en modo servidor usando \"fs2-io\" en Node.js, el par\u00e1metro \"requestCert = true\" es ignorado, la verificaci\u00f3n del certificado del compa\u00f1ero es omitida, y la conexi\u00f3n procede. La vulnerabilidad es limitada a: 1. \"fs2-io\" corriendo en Node.js. La implementaci\u00f3n de TLS en la JVM es completamente independiente. 2. \"TLSSocket\"s en modo servidor. Los \"TLSSocket\" en modo cliente es implementado por medio de una API diferente. 3. mTLS est\u00e1 habilitado por medio de \"requestCert = true\" en \"TLSParameters\". La configuraci\u00f3n por defecto es \"false\" para los \"TLSSocket\" en modo servidor. Es introducida con la implementaci\u00f3n inicial de Node.js de fs2-io en la versi\u00f3n 3.1.0. Ha sido publicado un parche en la versi\u00f3n 3.2.11. Es respetado el par\u00e1metro requestCert = true y es verificado el certificado del compa\u00f1ero. Si la verificaci\u00f3n falla, es lanzada una SSLException. Si es usada una versi\u00f3n sin parche en Node.js, no debe usarse un TLSSocket en modo servidor con requestCert = true para establecer una conexi\u00f3n mTLS"}], "id": "CVE-2022-31183", "lastModified": "2024-11-21T07:04:04.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T20:15:08.410", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/nodejs/node/issues/43994"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/nodejs/node/issues/43994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object