How severe is CVE-2022-29229?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-29229?

This is classified as CWE-325, which is a common weakness in software security.

CVE-2022-29229

HIGH Year: 2022

CVSS v3 Score

7.2

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-325

View all →

Vulnerability Description

CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in using standalone authentication, as the data required to resecure the account is not available to the server. The issue may be mitigated by using SSO or client side certificates to log in. Please note that SSO and client side certificate authentication does not have this expectation of no-knowledge credential access, and cryptographic keys are available to the server administrator.

CVE-2022-20742

HIGH

CVSS:7.4(High)

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or...

CWE-3252022

CVE-2021-22946

HIGH

CVSS:7.5(High)

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESS...

CWE-3252021

CVE-2022-1279

HIGH

CVSS:7.5(High)

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This ...

CWE-3252022

CVE-2023-40012

HIGH

CVSS:7.5(High)

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates...

CWE-3252023

CVE-2018-5383

MEDIUM

CVSS:6.8(Medium)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

CWE-3252018

CVE-2020-26244

MEDIUM

CVSS:6.8(Medium)

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issu...

CWE-3252020

CVE-2022-29229

Vulnerability Description

Related Vulnerabilities

CVE-2022-20742

CVE-2021-22946

CVE-2022-1279

CVE-2023-40012

CVE-2018-5383

CVE-2020-26244