suse · CVE-2022-32222

Quick triage

Priority: medium Published: 2022-07-11 23:43:01 UTC Updated: 2025-02-16 03:00:36 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-32222 severity moderate: SUSE including 28 source package names (nodejs10, nodejs10-devel, …), 192 product×package rows across 24 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (24 product lines)): Known Not Affected 192.

Description:

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

cvelogic Threat Intelligence