Lucene search
GoogleOSV:GO-2022-0391HistoryJul 01, 2022 - 8:10 p.m.
Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
2022-07-0120:10:56
Google
osv.dev
7
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker.
AWS now blocks this metadata field, but older SDK versions still send it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/aws/aws-sdk-go | lt | 1.34.0 |
Related
github
github
prion
prion
Code injection
2022-12-27 22:15:00
wolfi
wolfi
CVE-2022-2582 vulnerabilities
2024-05-24 17:23:29
cgr
cgr
CVE-2022-2582 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Information Disclosure
2023-01-07 20:13:42
ubuntucve
ubuntucve
CVE-2022-2582
2022-12-27 00:00:00
cve
cve
CVE-2022-2582
2022-12-27 22:15:00
debiancve
debiancve
CVE-2022-2582
2022-12-27 22:15:00
osv
osv
cvelist
cvelist
