Lucene search

GitHub Advisory DatabaseGHSA-7942-2FX8-QHPF

HistoryAug 05, 2022 - 12:00 a.m.

Raneto v0.17.0 employs weak password complexity requirements

2022-08-0500:00:23

CWE-521

GitHub Advisory Database

github.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.6%

JSON

Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities.

Affected configurations

Vulners

Node

raneto_projectranetoRange≤0.17.0node.js

CPENameOperatorVersion
ranetole0.17.0

CPE	Name	Operator	Version
	raneto	le	0.17.0

References

raneto.com/

cwe.mitre.org/data/definitions/521.html

gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/

github.com/advisories/GHSA-7942-2fx8-qhpf

github.com/gilbitron/Raneto/releases

github.com/ryanlelek/Raneto/commit/55e442c9bc67b845094e14ceb228e95c639595be

github.com/ryanlelek/Raneto/pull/370

github.com/ryanlelek/Raneto/releases/tag/0.17.1

nvd.nist.gov/vuln/detail/CVE-2022-35143

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for GHSA-7942-2FX8-QHPF