Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-45170
CVE-2022-45170:
Linux Alpine vulnerability analysis and mitigation
Overview
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user (NVD).
Technical details
The vulnerability affects the /api/v1/vencrypt/decrypt/file endpoint in LIVEBOX Collaboration vDesk through version 018. The issue has been classified with CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) (NVD).
Impact
The vulnerability allows an authenticated malicious user to bypass cryptographic protections and decrypt files without knowledge of the encryption key set by the file owner. This results in unauthorized access to potentially sensitive encrypted data (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Alpine vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management