Vulnerability CVE-2022-1252


Published: 2022-04-11

Description:
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. gnuboard v5.5.5 and below uses weak encryption algorithms, leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.

Type: CWE-359 (Privacy Violation)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software: Gnuboard -> Gnuboard5

References:
https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb
https://0g.vc/posts/insecure-cipher-gnuboard5/

Copyright 2024, cxsecurity.com

 
