CVE-2019-14823 MEDIUM

Vendor Dogtag
Product JSS
Weakness CWE-358
Published October 14, 2019
Last update August 5, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Key dates

02 Disclosure timeline

October 14, 2019 CVE published
August 5, 2024 Record updated