2 matches found
CVE-2022-29161
CVE-2022-29161 concerns the XWiki Platform Crypto API generating X509 certificates signed by default with SHA-1 with RSA , a deprecated algorithm due to collision risks. The issue was patched in XWiki versions 13.10.6, 14.3.1 and 14.4-rc-1 , after which the API signs certificates with SHA-256 wit...
CVE-2022-29161 Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collision...