CVE-2022-32172 In versions v0.1.9 through v0.3.1 of Zinc, users are vulnerable to Stored XSS when using the delete template functionality.

This issue was discovered by Michal Zuk and verified by Michal Zuk of Exodus Intelligence on March 12th 2018. The fix for this issue is to update to v0.3.2 or higher.

CVE-2018-3893 Zinc v0.3.2 addresses a XSS issue. The second issue that was discovered by Michal Zuk of Exodus Intelligence is located in the function `is_member()` and can lead to a remote code execution. When a user sets a password, the function `verify_password()` is called. This function allows for injection of malicious code. An attacker can use this injection to gain remote code execution with the privileges of the user. This issue was discovered by Michal Zuk and verified by Michal Zuk of Exodus Intelligence on March 12th 2018. The fix for this issue is to update to v0.3.3 or higher.

CVE-2018-3892 Zinc v0.3.3 addresses a XSS issue. The third issue that was discovered by Michal Zuk of Exodus Intelligence is located in the function `check_password()` and can lead to a remote code execution. This function allows for injection of malicious code. An attacker can use this injection to gain remote code execution with the privileges of the user. This issue was discovered by Michal Zuk and verified by Michal Zuk of Exodus Intelligence on March 12th 2018. The fix for this

Zinc's security considerations

Zinc is a tool for managing passwords and encrypting them, so it can be used to protect websites. This tool does not have access to your decrypted password or to any other data on the server, so you can use it without fear of it being compromised.

The first issue discovered by Michal Zuk of Exodus Intelligence was addressed in v0.3.2 which addresses a XSS vulnerability. The second issue which was discovered by Michal Zuk of Exodus Intelligence was addressed in v0.3.2 which addresses a XSS vulnerability and can lead to remote code execution with the privileges of the user. The third issue that was discovered by Michal Zuk of Exodus Intelligence is located in the function `check_password()` and can lead to remote code execution with the privileges of the user

Timeline

Published on: 10/06/2022 18:16:00 UTC
Last modified on: 11/07/2022 20:20:00 UTC

References

• https://www.mend.io/vulnerability-database/CVE-2022-32172
• https://github.com/zinclabs/zinc/commit/3376c248bade163430f9347742428f0a82cd322d
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32172