CVE-2022-35143 — Raneto v0.17.0 employs weak password complexity requirements

Description

Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities.

How to fix CVE-2022-35143

To remediate CVE-2022-35143, upgrade the affected package to a fixed version below.

npm/raneto—upgrade to 0.17.1 or later

Is CVE-2022-35143 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 0.17.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-35143
PATCHgithub.com/ryanlelek/Raneto
WEBraneto.com
WEBcwe.mitre.org/data/definitions/521.html
WEBgainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144