CVE-2022-1252

Exploit

EPSS 0.2%
Veröffentlicht 11.04.2022 11:15:07
Zuletzt bearbeitet 24.02.2026 20:18:07
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sir ≫ Gnuboard Version <= 5.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.423

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
security@huntr.dev	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://0g.vc/posts/insecure-cipher-gnuboard5/

Third Party Advisory

Exploit

https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-1252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1252

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1252