{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T10:08:36.743","vulnerabilities":[{"cve":{"id":"CVE-2022-21672","sourceIdentifier":"security-advisories@github.com","published":"2022-01-10T21:15:08.043","lastModified":"2024-11-21T06:45:12.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor."},{"lang":"es","value":"make-ca es una utilidad para entregar y administrar una configuración PKI completa para estaciones de trabajo y servidores. A partir de la versión 0.9 y versiones anteriores a 1.10, make-ca malinterpreta  Mozilla certdata.txt y trata los certificados explícitamente no confiables como si fueran confiables, causando que esos certificados explícitamente no confiables sean confiados por el sistema. Los certificados explícitamente no confiables fueron usados por algunas CAs ya hackeadas. Los atacantes hostiles pueden llevar a cabo un ataque de tipo MIM explotándolos. Todos los que usen las versiones afectadas de make-ca deberían actualizar a make-ca-1.10, y ejecutar \"make-ca -f -g\" como usuario \"root\" para regenerar el almacén confiable inmediatamente. Como solución, los usuarios pueden borrar los certificados no confiables de /etc/pki/tls y /etc/ssl/certs manualmente (o mediante un script), pero no es recomendado porque los cambios manuales serán sobreescritos la próxima vez que sea ejecutado make-ca para actualizar el anclaje confiable"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-115"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfromscratch:make-ca:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9","versionEndExcluding":"1.10","matchCriteriaId":"9DF45D07-0CDF-49E7-B12B-1A17B3357573"}]}]}],"references":[{"url":"https://github.com/lfs-book/make-ca/issues/19","source":"security-advisories@github.com","tags":["Issue Tracking","Mitigation","Third Party Advisory"]},{"url":"https://github.com/lfs-book/make-ca/pull/20","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html","source":"security-advisories@github.com","tags":["Mailing List","Mitigation","Vendor Advisory"]},{"url":"https://github.com/lfs-book/make-ca/issues/19","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Third Party Advisory"]},{"url":"https://github.com/lfs-book/make-ca/pull/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Vendor Advisory"]}]}}]}