Vulnerability CVE-2022-32210

Vulnerability Name:

CVE-2022-32210 (CCN-229253)

Assigned:

2022-06-17

Published:

2022-06-17

Updated:

2022-07-25

Summary:

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): Low Availibility (A): None

5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-295

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-32210

Source: XF
Type: UNKNOWN
nodejs-cve202232210-info-disc(229253)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/1583680

Source: CCN
Type: SNYK-JS-UNDICI-2928996
Improper Certificate Validation

Source: CCN
Type: IBM Security Bulletin 6601261 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210

Source: CCN
Type: NPM Web site
undici

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:undici:*:*:*:*:*:node.js:*:* (Version >= 4.8.2 and < 5.5.1)

Configuration CCN 1:

cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:*

Denotes that component is vulnerable

BACK