CVE-2022-36127

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/07/18/1	Mailing List Third Party Advisory
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3	Mailing List Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/07/18/1	Mailing List Third Party Advisory
https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3	Mailing List Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:skywalking:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 07:12

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2022/07/18/1 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2022/07/18/1 - Mailing List, Third Party Advisory
References	~~() https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3 - Mailing List, Release Notes, Vendor Advisory~~	() https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3 - Mailing List, Release Notes, Vendor Advisory

Information

Published : 2022-07-18 12:15

Updated : 2024-11-21 07:12

NVD link : CVE-2022-36127

Mitre link : CVE-2022-36127

CVE.ORG link : CVE-2022-36127

JSON object : View

Products Affected

apache

skywalking

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-36127", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-18T12:15:08.150", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/07/18/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2022/07/18/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/x238wo4r5goy39dxdjcmlofp6gcdnqr3", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection."}, {"lang": "es", "value": "Una vulnerabilidad en el agente NodeJS de Apache SkyWalking versiones anteriores a 0.5.1. La vulnerabilidad causar\u00e1 que los servicios de NodeJS que tengan este agente instalado no est\u00e9n disponibles si el OAP no es saludable y el agente NodeJS no puede establecer la conexi\u00f3n"}], "lastModified": "2024-11-21T07:12:27.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:skywalking:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "524781B4-CCF8-4ABE-8FB5-B2D79C490C99", "versionEndExcluding": "0.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}