CVE-2022-46505

{"id": "CVE-2022-46505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T16:15:11.320", "references": [{"url": "https://github.com/SmallTown123/details-for-CVE-2022-46505", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data."}, {"lang": "es", "value": "Un problema en MatrixSSL 4.5.1-open y versiones anteriores provoca que no se pueda verificar de forma segura el campo SessionID, lo que resulta en el uso indebido de un MasterSecret completamente cero que puede descifrar datos secretos."}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D077B93-95F0-4952-B97A-B62348C6DC04", "versionEndIncluding": "4.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}