CVE-2019-14823
Published 2019-10-14
High 7.4 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:N
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jss | < jss 4.6.2-1 (bookworm) | jss 4.6.2-1 (bookworm) |
| dogtag | jss | — | — |
| dogtag | jss | — | — |
| dogtag | jss | — | — |
| dogtag | jss | >= 0 < 4.6.2-1 | 4.6.2-1 |
| dogtag | jss | >= 0 < 4.6.2-1 | 4.6.2-1 |
| dogtag | jss | >= 0 < 4.6.2-1 | 4.6.2-1 |
| jss_cryptomanager_project | jss_cryptomanager | 4.4.6 – 4.4.7 | — |
| jss_cryptomanager_project | jss_cryptomanager | 4.5.3 – 4.5.4 | — |
| jss_cryptomanager_project | jss_cryptomanager | 4.6.0 – 4.6.2 | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd: v3.1, 7.4 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
osv: 7.4 HIGH