How severe is CVE-2022-21672?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-21672?

This is classified as CWE-115, which is a common weakness in software security.

CVE-2022-21672 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor.

Related Vulnerabilities

CVE-2022-1233

MEDIUM

CVSS:6.5(Medium)

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

CWE-1152022

CVE-2023-32260

MEDIUM

CVSS:6.5(Medium)

Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerabi...

CWE-1152023

CVE-2024-12388

MEDIUM

CVSS:6.5(Medium)

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can ...

CWE-1152024

CVE-2025-25069

MEDIUM

CVSS:6.5(Medium)

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a va...

CWE-1152025

CVE-2020-29509

MEDIUM

CVSS:5.6(Medium)

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that b...

CWE-1152020

CVE-2020-29510

MEDIUM

CVSS:5.6(Medium)

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave i...

CWE-1152020