CVE-2019-14823

First published: Fri Aug 30 2019(Updated: )

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Jss Cryptomanager Project Jss Cryptomanager	>=4.4.6<=4.4.7
Jss Cryptomanager Project Jss Cryptomanager	>=4.5.3<=4.5.4
Jss Cryptomanager Project Jss Cryptomanager	>=4.6.0<=4.6.2
Linux Linux kernel
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux	=6.1
Redhat Enterprise Linux	=6.2
Redhat Enterprise Linux	=6.3
Redhat Enterprise Linux	=6.4
Redhat Enterprise Linux	=6.5
Redhat Enterprise Linux	=6.6
Redhat Enterprise Linux	=6.7
Redhat Enterprise Linux	=6.8
Redhat Enterprise Linux	=6.9
Redhat Enterprise Linux	=6.10
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=7.1
Redhat Enterprise Linux	=7.2
Redhat Enterprise Linux	=7.3
Redhat Enterprise Linux	=7.4
Redhat Enterprise Linux	=7.5
Redhat Enterprise Linux	=7.6
Redhat Enterprise Linux	=7.7
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=7.0

Remedy

https://access.redhat.com/errata/RHSA-2019:3067

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/weakness
agent/type
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-14823
agent/author
agent/severity
agent/references
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/jss cryptomanager project
canonical/jss cryptomanager project jss cryptomanager
version/jss cryptomanager project jss cryptomanager/4.4.6
version/jss cryptomanager project jss cryptomanager/4.4.7
version/jss cryptomanager project jss cryptomanager/4.5.3
version/jss cryptomanager project jss cryptomanager/4.5.4
version/jss cryptomanager project jss cryptomanager/4.6.0
version/jss cryptomanager project jss cryptomanager/4.6.2
vendor/linux
canonical/linux linux kernel
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/6.0
version/redhat enterprise linux/6.1
version/redhat enterprise linux/6.2
version/redhat enterprise linux/6.3
version/redhat enterprise linux/6.4
version/redhat enterprise linux/6.5
version/redhat enterprise linux/6.6
version/redhat enterprise linux/6.7
version/redhat enterprise linux/6.8
version/redhat enterprise linux/6.9
version/redhat enterprise linux/6.10
version/redhat enterprise linux/7.0
version/redhat enterprise linux/7.1
version/redhat enterprise linux/7.2
version/redhat enterprise linux/7.3
version/redhat enterprise linux/7.4
version/redhat enterprise linux/7.5
version/redhat enterprise linux/7.6
version/redhat enterprise linux/7.7
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0

CVE-2019-14823

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact