17 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : idm:DL1 (AXSA:2024-8410:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8410:01 advisory. JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681); python-jwcrypto: malicious JWE token can cause denial of service CVE-2024-281...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.99995
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : python-jwcrypto-1.5.6-2.el9 (AXSA:2024-9264:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9264:02 advisory. JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681). Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00884
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m. | 6 views

TencentOS Server 3: idm:DL1 and idm:client (TSSA-2024:0305)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0305 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.0098
Exploits: 1 | References: 3

Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 4: python-jwcrypto (TSSA-2024:0814)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0814 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.0098
Exploits: 1 | References: 3

RedHat Linux
added 2024/11/12 9:19 a.m. | 31 views

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00884
Exploits: 0 | References: 4

Tenable Nessus
added 2024/11/12 12:0 a.m. | 14 views

RHEL 9 : python-jwcrypto (RHSA-2024:9281)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9281 advisory. The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00884
Exploits: 0 | References: 7

AlmaLinux
added 2024/11/12 12:0 a.m. | 16 views

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards. Security Fixes: JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681) Fo...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00884
Exploits: 0 | References: 4

OSV
added 2024/11/12 12:0 a.m. | 19 views

ALSA-2024:9281 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards. Security Fixes: JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681) Fo...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00884
Exploits: 0 | References: 4

Tenable Nessus
added 2024/11/07 12:0 a.m. | 13 views

RHEL 8 : idm:DL1 and idm:client (RHSA-2024:3267)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3267 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.0098
Exploits: 1 | References: 9

OSV
added 2024/06/14 1:59 p.m. | 33 views

RLSA-2024:3267 Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681)...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.0098
Exploits: 1 | References: 3

Tenable Nessus
added 2024/06/14 12:0 a.m. | 35 views

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681); python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.0098
Exploits: 1 | References: 5

RedHat Linux
added 2024/05/22 11:47 a.m. | 57 views

Moderate: Red Hat Security Advisory: idm:DL1 and idm:client security update

An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.0098
Exploits: 1 | References: 5

Amazon
added 2024/04/01 12:0 a.m. | 25 views

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00884
Exploits: 0

OSV
added 2024/02/23 11:7 a.m. | 2 views

OESA-2024-1197 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography. Security Fixes: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can resul...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00884
Exploits: 0 | References: 2

Circl
added 2024/02/12 3:21 p.m. | 1 views

CVE-2023-6681

creationtimestamp | type | source
--- | --- | ---
2024-02-12 15:21:47+00:00 | seen | https://t.me/ctinow/183164...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00884
Exploits: 0 | References: 1

CVE
added 2024/02/12 2:4 p.m. | 163 views

CVE-2023-6681

CVE-2023-6681 affects JWCrypto in python-jwcrypto. Root cause: unbounded PBES2 Count value in PBKDF2 enables a DoS when processing crafted JWE tokens; high resource consumption is possible. Documented impact: denial of service (and potential password brute‑force/dictionary pressure). Remediation/...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00884
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2023/12/28 4:36 p.m. | 2 views

alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +36 more potentially affected by CVE-2023-6681 via jwcrypto (>=0.4.0 <=1.5.0)

jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0.2, =2.5.6, =0.6.0, =0.1.0, =0.0.0.1, =2.5.0, =0.1.0, =0.1.0, =0.14.1 and more Source cves: CVE-2023-6681 Source advisory: OSV:GHSA-CW2R-4P82-QV79...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00884
Exploits: 0