Lucene search
GitHub Advisory DatabaseGHSA-HCCX-CG4V-HRJXHistoryAug 13, 2022 - 12:00 a.m.
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider
2022-08-1300:00:43
CWE-287
GitHub Advisory Database
github.com
9
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
52.6%
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
Affected configurations
Node
io.ktor\Matchktor
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.ktor:ktor | lt | 2.1.0 |
Related
cve
cve
CVE-2022-38180
2022-08-12 10:15:28
prion
prion
Authentication flaw
2022-08-12 10:15:00
cvelist
cvelist
CVE-2022-38180
2022-08-12 09:55:15
osv
osv
CVE-2022-38180
2022-08-12 10:15:28
nvd
nvd
CVE-2022-38180
2022-08-12 10:15:28
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
52.6%
Related for GHSA-HCCX-CG4V-HRJX