admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-368xx/CVE-2023-36820.json
cad-safe-bot 6a04e888f4 Auto-Update: 2023-10-13T18:00:24.495400+00:00
2023-10-13 18:00:28 +00:00

177 lines
6.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-36820",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T14:15:10.640",
"lastModified": "2023-10-13T16:35:04.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.\n"
},
{
"lang": "es",
"value": "Micronaut Security es una soluci\u00f3n de seguridad para aplicaciones. Antes de las versiones 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2 y 3.11.1, IdTokenClaimsValidator omite Validaci\u00f3n de reclamo `aud` si el token es emitido por el mismo emisor/proveedor de identidad. Cualquier configuraci\u00f3n de OIDC que utilice Micronaut en la que existan varias aplicaciones OIDC para el mismo emisor, pero la autenticaci\u00f3n de token no debe compartirse. Este problema se solucion\u00f3 en las versiones 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2 y 3.11. 1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.2",
"matchCriteriaId": "670F1AC9-632E-4D47-9492-9BAC0084BE0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndExcluding": "3.2.4",
"matchCriteriaId": "813AFD3C-E241-4376-AAF7-C4B276055121"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3.0",
"versionEndExcluding": "3.3.2",
"matchCriteriaId": "9626C2B1-79E6-4908-9ADF-E520DFC3402C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.3",
"matchCriteriaId": "FBCDEED9-3639-4D90-9808-F27F9E2FB02B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.0",
"versionEndExcluding": "3.5.3",
"matchCriteriaId": "FDC29054-500C-4B79-BDD5-B48D989D02E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.0",
"versionEndExcluding": "3.6.6",
"matchCriteriaId": "EA9D354C-1D89-4B68-AF7C-D712F0A1A8AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndExcluding": "3.7.4",
"matchCriteriaId": "9AE52168-0CAF-4BF7-B88B-AF79149F6919"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "3.8.4",
"matchCriteriaId": "71B1B0A7-CCA3-4199-BC32-37C1138C6BF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.6",
"matchCriteriaId": "AA7B0DE4-ACD6-47AC-8059-9D9B97876B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.2",
"matchCriteriaId": "4476038E-A854-4946-9CBF-42E2253B17D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:micronaut_security:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15398E49-FF87-4B88-B9B3-B326709E26AD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink