Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on July 30th, 2019 📆 | 5040 Views ⚑

0

graphql-engine up to 1.0.0-beta.2 JWT unknown vulnerability [CVE-2019-1020015]


Text to Speech

CVSS Meta Temp Score Current Exploit Price (โ‰ˆ)
5.3 $0-$5k

A vulnerability was found in graphql-engine up to 1.0.0-beta.2. It has been rated as problematic. Affected by this issue is an unknown part of the component JWT Handler. The impact remains unknown. CVE summarizes:

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.

The weakness was disclosed 07/29/2019. This vulnerability is handled as CVE-2019-1020015 since 07/26/2019. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/30/2019).

Upgrading to version 1.0.0-beta.3 eliminates this vulnerability.

Name

Class: Unknown
Local: Yes
Remote: No

Availability: ๐Ÿ”’
Status: Not defined

Price Prediction: ๐Ÿ”
Current Price Estimation: ๐Ÿ”’






0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock

Threat Intelligenceinfoedit

Threat: ๐Ÿ”
Adversaries: ๐Ÿ”
Geopolitics: ๐Ÿ”
Economy: ๐Ÿ”
Predictions: ๐Ÿ”
Remediation: ๐Ÿ”Recommended: Upgrade
Status: ๐Ÿ”

0-Day Time: ๐Ÿ”’

Upgrade: graphql-engine 1.0.0-beta.3

07/26/2019 CVE assigned
07/29/2019 +3 days Advisory disclosed
07/30/2019 +1 days VulDB entry created
07/30/2019 +0 days VulDB last update
CVE: CVE-2019-1020015 (๐Ÿ”’)Created: 07/30/2019 08:25 AM
Complete: ๐Ÿ”

Download it now for free!

https://vuldb.com/?id.138932

Tagged with: โ€ข โ€ข โ€ข โ€ข



Comments are closed.






ยฉ Torchsec ย Privacy Policyย Disclaimer ย T&C



Back to Top ↑