[jira] [Created] (KAFKA-14994) jose4j is vulnerable to CVE- Improper Cryptographic Algorithm

Gaurav Jetly (Jira) Fri, 12 May 2023 06:35:08 -0700

Gaurav Jetly created KAFKA-14994:
------------------------------------

             Summary:  jose4j is vulnerable to CVE- Improper Cryptographic 
Algorithm
                 Key: KAFKA-14994
                 URL: https://issues.apache.org/jira/browse/KAFKA-14994
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 3.4.0
            Reporter: Gaurav Jetly



Jose4j has the following vulnerability with high score of 7.1. 
jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability 
exists due to the way `RSA1_5` and `RSA_OAEP` is implemented, allowing an 
attacker to decrypt `RSA1_5` or `RSA_OAEP` encrypted ciphertexts, and in 
addition, it may be feasible to sign with affected keys.

Please help upgrade the library to latest version
Current version in use: 0.7.9
Latest version with the fix: 0.9.3
CVE-
- Improper Cryptographic Algorithm
- Severity: HIGH
- CVSS: 7.1
- Disclosure Date: 07 Feb 2023 19:00PM EST
- Vulnerability Info: 
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/40398



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-14994) jose4j is vulnerable to CVE- Improper Cryptographic Algorithm

Reply via email to