To support the growing demands of open source security, OSS Index will migrate to Sonatype Guide on 04/28. To learn more about how to prepare for this transition, click here.

Vulnerability

CVE-2022-30187

Report advisory or correction

CVSS Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE

References

https://docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode

https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.Blobs/CHANGELOG.md#12130-beta1-2022-06-15

https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/storage/azure-storage-blob/CHANGELOG.md#12130b1-2022-06-15

https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/storage/azure-storage-queue/CHANGELOG.md#1240b1-2022-06-15

https://github.com/advisories/GHSA-64x4-9hc6-r2h6

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30187

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30187

[CVE-2022-30187] CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Description

Azure Storage Library Information Disclosure Vulnerability

Deviation Notice:

Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:

Detailed deviations
References
Custom Descriptions [Coming Soon]

See com.azure/azure-storage-blob package information