CVE-2019-14823

Published Oct 14, 2019

Last updated 2 years ago

CVSS high 7.4

Overview

Description: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.4
Impact score: 5.2
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 6.8
Impact score: 5.2
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

secalert@redhat.com: CWE-358
nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jss_cryptomanager_project:jss_cryptomanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9999841C-2F59-4CD8-B548-47922047BC7A",
            "versionEndIncluding": "4.4.7",
            "versionStartIncluding": "4.4.6"
          },
          {
            "criteria": "cpe:2.3:a:jss_cryptomanager_project:jss_cryptomanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C8C59A5-DAEE-446C-8B76-8FEB23D21B23",
            "versionEndIncluding": "4.5.4",
            "versionStartIncluding": "4.5.3"
          },
          {
            "criteria": "cpe:2.3:a:jss_cryptomanager_project:jss_cryptomanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED92967F-FA85-4BB9-B0A8-84D2A05C8B69",
            "versionEndIncluding": "4.6.2",
            "versionStartIncluding": "4.6.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5A165C-3721-4A87-839F-BD4F6778DA77"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A1F55A9-FAAF-4751-BA6A-93CDB31B11C6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9045284A-C762-4913-B5AF-8499235F969C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "905EC4D0-7604-476A-8176-9FFCEB1DC6B1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "564DCCFD-77BF-4FB1-A0A0-96104B154282"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "467A831E-C63B-476F-A71F-8FB52556BC45"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84FF61DF-D634-4FB5-8DF1-01F631BE1A7A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243980B8-4044-4776-B521-F9D709E68CCB"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39A7795D-CFD3-4643-A7A1-7AD7629B5511"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28DF9D01-ADD0-4E70-8991-0EA3EAC272A0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "266EA1B3-526F-4D12-873E-08CE3861AEA6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E4DC974-235F-4655-966F-2490A4C4E490"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B99A2411-7F6A-457F-A7BF-EB13C630F902"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B1633BB-7D54-4564-BC1C-3B80BA6FF215"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "AE8DED75-8C97-476F-805B-7A2F17B6BC11"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "B061040C-AB62-4ED6-8F4A-A49DA6753C4B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References