XWiki Platform Crypto API generates SHA1 certificates, upgrade to versions 13.10.6, 14.3.1, 14.4-rc-1 or patch locally as per NVD CVE-2022-29161
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Cvelist | CVE-2022-29161 Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | 5 May 202223:35 | โ | cvelist |
NVD | CVE-2022-29161 | 6 May 202200:15 | โ | nvd |
Prion | Code injection | 6 May 202200:15 | โ | prion |
OSV | CVE-2022-29161 | 6 May 202200:15 | โ | osv |
OSV | Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API | 24 May 202212:47 | โ | osv |
Github Security Blog | Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API | 24 May 202212:47 | โ | github |
OpenVAS | XWiki Crypto API Vulnerability (GHSA-h8v5-p258-pqf4) | 10 May 202200:00 | โ | openvas |
[
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "< 13.10.6"
},
{
"status": "affected",
"version": ">= 14.0.0, < 14.3.1"
},
{
"status": "affected",
"version": ">= 14.4.0, < 14.4-rc-1"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo