Improper Nonce Verification in JetBrains Ktor OAuth2 Authentication
CVE-2021-43203

7.5HIGH

Key Information:

Vendor

Jetbrains
Status
Ktor
Vendor
CVE Published:
9 November 2021

What is CVE-2021-43203?

In JetBrains Ktor versions prior to 1.6.4, an improper nonce verification vulnerability exists within the OAuth2 authentication process. This flaw can potentially be exploited by attackers to manipulate nonce values, compromising the authentication flow and allowing unauthorized access to sensitive user data.

References

https://blog.jetbrains.com/blog/2021/11/08/jetbrains-secu...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.