What is the severity of CVE-2019-14823?

CVE-2019-14823 has been rated as a medium severity vulnerability due to its potential impact on certificate chain validation.

How do I fix CVE-2019-14823?

To fix CVE-2019-14823, update JSS CryptoManager to version 4.4.7 or later, 4.5.4 or later, or 4.6.2 or later.

Which versions of JSS CryptoManager are affected by CVE-2019-14823?

JSS CryptoManager versions 4.4.6, 4.5.3, and 4.6.0 are affected by CVE-2019-14823.

What applications are at risk due to CVE-2019-14823?

Applications using the 'Leaf and Chain' OCSP policy in affected versions of JSS CryptoManager may be at risk due to CVE-2019-14823.

Is there a workaround for CVE-2019-14823 if I cannot update immediately?

Currently, there are no documented workarounds for CVE-2019-14823, so updating is the recommended approach.

Vulnerability/
CVE-2019-14823

high

7.4

CWE

358 295

30/8/2019

14/10/2019

5/8/2024

CVE-2019-14823

First published: Fri Aug 30 2019(Updated: )

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
JSS CryptoManager	>=4.4.6<=4.4.7
JSS CryptoManager	>=4.5.3<=4.5.4
JSS CryptoManager	>=4.6.0<=4.6.2
Linux Kernel
Red Hat Enterprise Linux	=6.0
Red Hat Enterprise Linux	=6.1
Red Hat Enterprise Linux	=6.2
Red Hat Enterprise Linux	=6.3
Red Hat Enterprise Linux	=6.4
Red Hat Enterprise Linux	=6.5
Red Hat Enterprise Linux	=6.6
Red Hat Enterprise Linux	=6.7
Red Hat Enterprise Linux	=6.8
Red Hat Enterprise Linux	=6.9
Red Hat Enterprise Linux	=6.10
Red Hat Enterprise Linux	=7.0
Red Hat Enterprise Linux	=7.1
Red Hat Enterprise Linux	=7.2
Red Hat Enterprise Linux	=7.3
Red Hat Enterprise Linux	=7.4
Red Hat Enterprise Linux	=7.5
Red Hat Enterprise Linux	=7.6
Red Hat Enterprise Linux	=7.7
Red Hat Enterprise Linux	=8.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux eus	=7.7
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.7
redhat enterprise Linux server tus	=7.7
redhat enterprise Linux workstation	=7.0

Remedy

https://access.redhat.com/errata/RHSA-2019:3067

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-14823?
CVE-2019-14823 has been rated as a medium severity vulnerability due to its potential impact on certificate chain validation.
How do I fix CVE-2019-14823?
To fix CVE-2019-14823, update JSS CryptoManager to version 4.4.7 or later, 4.5.4 or later, or 4.6.2 or later.
Which versions of JSS CryptoManager are affected by CVE-2019-14823?
JSS CryptoManager versions 4.4.6, 4.5.3, and 4.6.0 are affected by CVE-2019-14823.
What applications are at risk due to CVE-2019-14823?
Applications using the 'Leaf and Chain' OCSP policy in affected versions of JSS CryptoManager may be at risk due to CVE-2019-14823.
Is there a workaround for CVE-2019-14823 if I cannot update immediately?
Currently, there are no documented workarounds for CVE-2019-14823, so updating is the recommended approach.

agent/weakness
agent/type
agent/remedy
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-14823
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/jss cryptomanager project
canonical/jss cryptomanager
version/jss cryptomanager/4.4.6
version/jss cryptomanager/4.4.7
version/jss cryptomanager/4.5.3
version/jss cryptomanager/4.5.4
version/jss cryptomanager/4.6.0
version/jss cryptomanager/4.6.2
vendor/linux
canonical/linux kernel
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/6.0
version/red hat enterprise linux/6.1
version/red hat enterprise linux/6.2
version/red hat enterprise linux/6.3
version/red hat enterprise linux/6.4
version/red hat enterprise linux/6.5
version/red hat enterprise linux/6.6
version/red hat enterprise linux/6.7
version/red hat enterprise linux/6.8
version/red hat enterprise linux/6.9
version/red hat enterprise linux/6.10
version/red hat enterprise linux/7.0
version/red hat enterprise linux/7.1
version/red hat enterprise linux/7.2
version/red hat enterprise linux/7.3
version/red hat enterprise linux/7.4
version/red hat enterprise linux/7.5
version/red hat enterprise linux/7.6
version/red hat enterprise linux/7.7
version/red hat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0

CVE-2019-14823

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-14823?

How do I fix CVE-2019-14823?

Which versions of JSS CryptoManager are affected by CVE-2019-14823?

What applications are at risk due to CVE-2019-14823?

Is there a workaround for CVE-2019-14823 if I cannot update immediately?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-14823?

How do I fix CVE-2019-14823?

Which versions of JSS CryptoManager are affected by CVE-2019-14823?

What applications are at risk due to CVE-2019-14823?

Is there a workaround for CVE-2019-14823 if I cannot update immediately?