Authentication Provider Selection Issue in JetBrains Ktor
CVE-2022-38180

5.3 MEDIUM

Key Information:

Vendor: JetBrains
Status: Vendor
CVE Published: 12 August 2022

Summary

In JetBrains Ktor versions prior to 2.1.0, the wrong authentication provider may be selected, potentially leading to unintended security implications. This can affect the integrity and reliability of the security mechanisms in applications built on the Ktor framework, so affected applications should be updated to the latest version.

Affected Version(s)

Ktor 2.1.0

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
