Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-2582HistoryDec 27, 2022 - 10:15 p.m.
CVE-2022-2582
2022-12-2722:15:00
Debian Security Bug Tracker
security-tracker.debian.org
7
0.001 Low
EPSS
Percentile
19.4%
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
Related
veracode
veracode
Information Disclosure
2023-01-07 20:13:42
ubuntucve
ubuntucve
CVE-2022-2582
2022-12-27 00:00:00
cve
cve
CVE-2022-2582
2022-12-27 22:15:00
cgr
cgr
CVE-2022-2582 vulnerabilities
2024-05-18 09:07:38
github
github
ibm
ibm
osv
osv
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
2022-12-28 00:30:23
Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
2022-02-11 23:26:12
Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
2022-07-01 20:10:56
cvelist
cvelist
prion
prion
Code injection
2022-12-27 22:15:00
wolfi
wolfi
CVE-2022-2582 vulnerabilities
2024-05-18 09:07:35