CVE-2019-7644

Опубликовано: 11 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application.

Ссылки

https://auth0.com/docs/security/bulletins/cve-2019-7644
Patch
Vendor Advisory
https://auth0.com/docs/security/bulletins/cve-2019-7644
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auth0:auth0-wcf-service-jwt:*:*:*:*:*:*:*:*

Версия до 1.0.4 (исключая)

EPSS

Процентиль: 66%

0.00518

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-209

Связанные уязвимости

GHSA-qpvx-gpqm-g98j