CVE-2022-2582
ADVISORY - github
Summary
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
EPSS Score: 0.00082 (0.250)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Inadequate Encryption Strength
ADVISORY - github
Inadequate Encryption Strength
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2022-2582
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.3 medium
GitHub
CREATED
UPDATED
ADVISORY ID
GHSA-6jvc-q2x7-pchv
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.3 medium
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2022-2582
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2022-2582
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
4.3 medium
GoLang
CREATED
UPDATED
ADVISORY ID
GO-2022-0391
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-585c-pgh6-jfxh
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
intheWild
CREATED
UPDATED
ADVISORY ID
CVE-2022-2582
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-