Lucene search

GoogleOSV:GHSA-HCCX-CG4V-HRJX

HistoryAug 13, 2022 - 12:00 a.m.

JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider

2022-08-1300:00:43

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

CPENameOperatorVersion
io.ktor:ktoreq2.0.0-beta-1
io.ktor:ktoreq1.0.0
io.ktor:ktoreq1.1.3
io.ktor:ktoreq1.1.1
io.ktor:ktoreq1.3.0
io.ktor:ktoreq1.6.6
io.ktor:ktoreq1.0.0-rc
io.ktor:ktoreq2.0.0-rc-1
io.ktor:ktoreq1.5.3
io.ktor:ktoreq1.6.2

Name	Operator	Version
io.ktor:ktor	eq	2.0.0-beta-1
io.ktor:ktor	eq	1.0.0
io.ktor:ktor	eq	1.1.3
io.ktor:ktor	eq	1.1.1
io.ktor:ktor	eq	1.3.0
io.ktor:ktor	eq	1.6.6
io.ktor:ktor	eq	1.0.0-rc
io.ktor:ktor	eq	2.0.0-rc-1
io.ktor:ktor	eq	1.5.3
io.ktor:ktor	eq	1.6.2

Rows per page:

1-10 of 481

References

github.com/ktorio/ktor

github.com/ktorio/ktor/pull/3092

nvd.nist.gov/vuln/detail/CVE-2022-38180

www.jetbrains.com/privacy-security/issues-fixed

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for OSV:GHSA-HCCX-CG4V-HRJX