Improper Certificate Validation in undici - CVE-2022-32210

 

Published: July 6, 2022


Vulnerability identifier: #VU64942
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-32210
CWE-ID: CWE-295
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
undici
Software vendor:
Node.js

Description

The vulnerability allows a remote user on the local network to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote authenticated user on the local network can send a specially crafted request to obtain sensitive information from all request and response data sent to the proxy, and use this information to launch further attacks against the affected system.


Remediation

Install updates from vendor's website.

External links