Versio.io

CVE-2019-17195

Common vulnerabilities & exposures (CVE)

 
Published at: 15-10-2019 04:15
Last modified: 07-06-2022 08:40
Total changes: 17

Description

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Base score: 9.8
Exploitability score: 3.9
Impact score: 5.9
 

Verification logic

OR
OR
vendor=connect2id AND product=nimbus_jose\+jwt AND versionEndExcluding=7.9
OR
vendor=apache AND product=hadoop AND version=3.2.1 AND update=-
OR
vendor=oracle AND product=solaris_cluster AND version=4.0
vendor=oracle AND product=weblogic_server AND version=12.2.1.3.0
vendor=oracle AND product=weblogic_server AND version=12.2.1.4.0
vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.58
vendor=oracle AND product=enterprise_manager_base_platform AND version=13.4.0.0
vendor=oracle AND product=primavera_gateway AND version=19.12.0
vendor=oracle AND product=data_integrator AND version=12.2.1.4.0
vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.59
vendor=oracle AND product=primavera_gateway AND versionEndIncluding=18.8.11 AND versionStartIncluding=18.8.0
vendor=oracle AND product=communications_pricing_design_center AND version=12.0.0.3.0
vendor=oracle AND product=jd_edwards_enterpriseone_tools AND versionEndIncluding=9.2.5.3
vendor=oracle AND product=policy_automation AND versionEndIncluding=12.2.22 AND versionStartIncluding=12.2.0
vendor=oracle AND product=communications_cloud_native_core_security_edge_protection_proxy AND version=1.7.0
vendor=oracle AND product=insurance_policy_administration AND versionEndIncluding=11.3.1 AND versionStartIncluding=11.0
vendor=oracle AND product=healthcare_data_repository AND version=8.1.0
vendor=oracle AND product=jd_edwards_enterpriseone_orchestrator AND versionEndIncluding=9.2.5.3
 


Keywords

NVD, CVE-2019-17195, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
