Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2022-32222: ELSA-2022-9947: GraalVM Security update (IMPORTANT) (Multiple Advisories)


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 07/08/2022
Created: 10/18/2024
Added: 10/16/2024
Modified: 10/17/2024

Description

A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0, which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user, instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. A vulnerability was found in Node.js. The issue occurs when Node.js starts on Linux-based systems and attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily does not exist. This flaw allows an attacker on some shared systems to create this file and affect the default OpenSSL configuration for other users.

Solution(s)

  • oracle-linux-upgrade-graalvm22-ce-11
  • oracle-linux-upgrade-graalvm22-ce-11-devel
  • oracle-linux-upgrade-graalvm22-ce-11-espresso
  • oracle-linux-upgrade-graalvm22-ce-11-espresso-llvm
  • oracle-linux-upgrade-graalvm22-ce-11-fastr
  • oracle-linux-upgrade-graalvm22-ce-11-javascript
  • oracle-linux-upgrade-graalvm22-ce-11-jdk
  • oracle-linux-upgrade-graalvm22-ce-11-libpolyglot
  • oracle-linux-upgrade-graalvm22-ce-11-llvm
  • oracle-linux-upgrade-graalvm22-ce-11-llvm-toolchain
  • oracle-linux-upgrade-graalvm22-ce-11-native-image
  • oracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backend
  • oracle-linux-upgrade-graalvm22-ce-11-nodejs
  • oracle-linux-upgrade-graalvm22-ce-11-nodejs-devel
  • oracle-linux-upgrade-graalvm22-ce-11-polyglot
  • oracle-linux-upgrade-graalvm22-ce-11-python
  • oracle-linux-upgrade-graalvm22-ce-11-python-devel
  • oracle-linux-upgrade-graalvm22-ce-11-ruby
  • oracle-linux-upgrade-graalvm22-ce-11-ruby-devel
  • oracle-linux-upgrade-graalvm22-ce-11-tools
  • oracle-linux-upgrade-graalvm22-ce-11-wasm
  • oracle-linux-upgrade-graalvm22-ce-17
  • oracle-linux-upgrade-graalvm22-ce-17-devel
  • oracle-linux-upgrade-graalvm22-ce-17-espresso
  • oracle-linux-upgrade-graalvm22-ce-17-espresso-llvm
  • oracle-linux-upgrade-graalvm22-ce-17-fastr
  • oracle-linux-upgrade-graalvm22-ce-17-javascript
  • oracle-linux-upgrade-graalvm22-ce-17-jdk
  • oracle-linux-upgrade-graalvm22-ce-17-libpolyglot
  • oracle-linux-upgrade-graalvm22-ce-17-llvm
  • oracle-linux-upgrade-graalvm22-ce-17-llvm-toolchain
  • oracle-linux-upgrade-graalvm22-ce-17-native-image
  • oracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backend
  • oracle-linux-upgrade-graalvm22-ce-17-nodejs
  • oracle-linux-upgrade-graalvm22-ce-17-nodejs-devel
  • oracle-linux-upgrade-graalvm22-ce-17-polyglot
  • oracle-linux-upgrade-graalvm22-ce-17-python
  • oracle-linux-upgrade-graalvm22-ce-17-python-devel
  • oracle-linux-upgrade-graalvm22-ce-17-ruby
  • oracle-linux-upgrade-graalvm22-ce-17-ruby-devel
  • oracle-linux-upgrade-graalvm22-ce-17-tools
  • oracle-linux-upgrade-graalvm22-ce-17-wasm
