Improper Nonce Verification in JetBrains Ktor OAuth2 Authentication
CVE-2021-43203
7.5HIGH
Summary
In JetBrains Ktor versions prior to 1.6.4, an improper nonce verification vulnerability exists within the OAuth2 authentication process. This flaw can potentially be exploited by attackers to manipulate nonce values, compromising the authentication flow and allowing unauthorized access to sensitive user data.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved