Lucene search

[email protected]CVE-2019-13483

HistoryJul 25, 2019 - 8:15 p.m.

CVE-2019-13483

2019-07-2520:15:11

CWE-345

[email protected]

web.nvd.nist.gov

104

cve-2019-13483

auth0

passport-sharepoint

jwt

access token

authentication

authorization

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

39.6%

JSON

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.

Affected configurations

NVD

Node

auth0passport-sharepointRange<0.4.0

CPENameOperatorVersion
auth0:passport-sharepointauth0 passport-sharepointlt0.4.0

CPE	Name	Operator	Version
auth0:passport-sharepoint	auth0 passport-sharepoint	lt	0.4.0

References

auth0.com/docs/security/bulletins/cve-2019-13483

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for CVE-2019-13483

nvd1 prion1 osv2 cvelist1 github1