CVE-2022-31183

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nodejs/node/issues/43994	Exploit Issue Tracking Third Party Advisory
https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207	Patch Third Party Advisory
https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:typelevel:fs2:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-01 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-31183

Mitre link : CVE-2022-31183

CVE.ORG link : CVE-2022-31183

JSON object : View

Products Affected

typelevel

fs2

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-31183", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-08-01T20:15:08.410", "references": [{"url": "https://github.com/nodejs/node/issues/43994", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection."}, {"lang": "es", "value": "fs2 es una librer\u00eda de E/S de composici\u00f3n para Scala. Cuando es establecido un \"TLSSocket\" en modo servidor usando \"fs2-io\" en Node.js, el par\u00e1metro \"requestCert = true\" es ignorado, la verificaci\u00f3n del certificado del compa\u00f1ero es omitida, y la conexi\u00f3n procede. La vulnerabilidad es limitada a: 1. \"fs2-io\" corriendo en Node.js. La implementaci\u00f3n de TLS en la JVM es completamente independiente. 2. \"TLSSocket\"s en modo servidor. Los \"TLSSocket\" en modo cliente es implementado por medio de una API diferente. 3. mTLS est\u00e1 habilitado por medio de \"requestCert = true\" en \"TLSParameters\". La configuraci\u00f3n por defecto es \"false\" para los \"TLSSocket\" en modo servidor. Es introducida con la implementaci\u00f3n inicial de Node.js de fs2-io en la versi\u00f3n 3.1.0. Ha sido publicado un parche en la versi\u00f3n 3.2.11. Es respetado el par\u00e1metro requestCert = true y es verificado el certificado del compa\u00f1ero. Si la verificaci\u00f3n falla, es lanzada una SSLException. Si es usada una versi\u00f3n sin parche en Node.js, no debe usarse un TLSSocket en modo servidor con requestCert = true para establecer una conexi\u00f3n mTLS"}], "lastModified": "2022-08-09T19:38:00.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typelevel:fs2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "750D10F3-1FF8-4173-A44A-ACDE06641472", "versionEndExcluding": "3.2.11", "versionStartIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}