CVE-2019-14823 — Improperly Implemented Security Check for Standard in Cryptomanager Project JSS Cryptomanager
Severity
7.4HIGHNVD
EPSS
0.3%
top 47.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 14
Latest updateMay 24
Description
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2
Affected Packages5 packages
Also affects: Enterprise Linux 6.0, 6.1, 6.10, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 8.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-45q2-f3rm-5r6v: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4↗2022-05-24
OSV▶
CVE-2019-14823: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4↗2019-10-14
CVEList▶
CVE-2019-14823: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4↗2019-10-14