CVE-2019-14823
14.10.2019, 20:15
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jss_cryptomanager_project | jss_cryptomanager | 4.4.6 ≤ 𝑥 ≤ 4.4.7 |
| jss_cryptomanager_project | jss_cryptomanager | 4.5.3 ≤ 𝑥 ≤ 4.5.4 |
| jss_cryptomanager_project | jss_cryptomanager | 4.6.0 ≤ 𝑥 ≤ 4.6.2 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 6.1 |
| redhat | enterprise_linux | 6.2 |
| redhat | enterprise_linux | 6.3 |
| redhat | enterprise_linux | 6.4 |
| redhat | enterprise_linux | 6.5 |
| redhat | enterprise_linux | 6.6 |
| redhat | enterprise_linux | 6.7 |
| redhat | enterprise_linux | 6.8 |
| redhat | enterprise_linux | 6.9 |
| redhat | enterprise_linux | 6.10 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 7.1 |
| redhat | enterprise_linux | 7.2 |
| redhat | enterprise_linux | 7.3 |
| redhat | enterprise_linux | 7.4 |
| redhat | enterprise_linux | 7.5 |
| redhat | enterprise_linux | 7.6 |
| redhat | enterprise_linux | 7.7 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
- CWE-358 - Improperly Implemented Security Check for StandardThe software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.
References