CVE-2022-32222

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-32222

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32222.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-32222

Aliases

Downstream

MGASA-2022-0294

Published

2022-07-14T15:15:08.437Z

Modified

2026-04-16T04:44:40.650912818Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

References

https://hackerone.com/reports/1695596

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type

GIT

Repo

https://github.com/nodejs/node

Events

Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

0a18e136b4a1e860bb2befcbd1f78661ed5fb5e7

Introduced

Fixed

b82bb600370db7207a39e53329af228f6af3ffa1

Introduced

Last affected

b82bb600370db7207a39e53329af228f6af3ffa1

Introduced

Last affected

545959468fbc878e7f0a486264eebbdf06a57bea

Introduced

Last affected

b65a11e072cf751d8c2a9699451ef80022d4ffbc

Database specific

{
    "versions": [
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp2"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.1.0

v0.1.1

v0.1.10

v0.1.100

v0.1.101

v0.1.102

v0.1.103

v0.1.104

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.17

v0.1.18

v0.1.19

v0.1.2

v0.1.20

v0.1.21

v0.1.22

v0.1.23

v0.1.24

v0.1.25

v0.1.26

v0.1.27

v0.1.28

v0.1.29

v0.1.3

v0.1.30

v0.1.31

v0.1.32

v0.1.33

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.1.92

v0.1.93

v0.1.94

v0.1.95

v0.1.96

v0.1.97

v0.1.98

v0.1.99

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.4.0

v0.5.0

v0.5.1

v0.5.10

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.5-rc1

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.7.0

v0.7.2

v0.7.3

v1.*

v1.0.0

v1.0.0-release

v1.0.1

v1.0.1-release

v1.0.2

v1.0.2-release

v18.*

v18.0.0

v18.1.0

v18.2.0

v18.3.0

v18.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32222.json"