On Tuesday, November 1st, 2022, Alteryx became aware of two high severity vulnerabilities in OpenSSL security framework (CVE-2022-3602 & CVE-2022-3786), also known as “Spooky SSL.” These vulnerabilities were announced as a “Critical” severity rating but downgraded to “High” upon further analysis by OpenSSL. These CVEs are related to buffer overruns in the security certificate verification code, and more information can be found on the OpenSSL site.
Patched Products
Release 2022.1.1.42590 Patch 3 has been released for:
- Server 22.1+
- Designer 22.1+
Potentially Affected Products
These products and versions include OpenSSL 3.0 and patches are in development:
- Server FIPS 22.1+
- Designer FIPS 22.1+
Products Confirmed as Not Impacted
- Designer builds up to and including version 21.4
- Server builds up to and including version 21.4
- Trifacta (on premises) AKA Designer Cloud (self-managed)
- Google Cloud Data Prep
- Designer Cloud Powered by Trifacta
- Machine Learning
- Intelligence Suite
- Connect
- Alteryx Analytics Hub
- Auto Insights
- Promote
- Metrics Store
Third Party Software
Third-party software may be impacted. If you downloaded tools such as database drivers or other management tools, please refer to those vendors for support and updates.