PT-2019-13361 · Auth0 · Auth0 Passport-Sharepoint

Published: 2019-07-25 · Updated: 2022-05-24 · CVE-2019-13483

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Auth0 Passport-SharePoint versions prior to 0.4.0

Description
The issue allows attackers to forge tokens and bypass authentication and authorization mechanisms due to the lack of validation of the JWT signature of an Access Token before processing.

Recommendations
For versions prior to 0.4.0, update to version 0.4.0 or later to resolve the issue. As a temporary workaround, consider implementing additional validation mechanisms for JWT signatures to prevent token forgery.
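
The following added example (not code from Passport-SharePoint or Auth0) contrasts the flaw class described above, reading JWT claims without checking the signature, with a handler that verifies the signature before trusting any claim. It assumes an HS256 token signed with a shared application secret; the function names, secret and claims are hypothetical and constructed for illustration.

```javascript
// Decode-only vs. signature-verified handling of an HS256 JWT (added example).
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const parsePart = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Helper that builds sample tokens (constructed test data only).
function signHS256(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createHmac("sha256", secret).update(input).digest();
  return `${input}.${b64url(sig)}`;
}

// Flawed pattern: claims are read from the payload, the signature is never checked.
function decodeOnly(token) {
  return parsePart(token.split(".")[1]);
}

// Hardened pattern: pin the algorithm, verify the MAC, then check expiry.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  if (parsePart(h).alg !== "HS256") throw new Error("unexpected alg");
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = parsePart(p);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed sample data: the secret, clock value and claims are placeholders.
const APP_SECRET = "constructed-app-secret";
const NOW = 1700000000;
const genuine = signHS256({ sub: "alice", exp: NOW + 300 }, APP_SECRET);
const untrusted = signHS256({ sub: "admin", exp: NOW + 300 }, "not-the-app-secret");

function accepts(token) {
  try { verifyHS256(token, APP_SECRET, NOW); return true; } catch { return false; }
}

console.log(decodeOnly(untrusted).sub); // the flawed path trusts unverified claims
console.log(accepts(genuine), accepts(untrusted));
```

The algorithm is pinned from the verifier's side rather than taken from the token header, and the comparison uses `crypto.timingSafeEqual` so that the check does not leak how many signature bytes matched.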

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related identifiers

CVE-2019-13483
GHSA-45FH-G845-PJ9W

Affected products

Auth0 Passport-Sharepoint