Server Certificate Verification Flaw in JetBrains Ktor
CVE-2023-45613
6.8 MEDIUM
Summary
JetBrains Ktor versions prior to 2.3.5 do not verify server certificates. Without this verification, applications are exposed to man-in-the-middle attacks, in which an attacker could intercept and manipulate network traffic. Developers using Ktor should upgrade to version 2.3.5 or later so that proper server certificate validation is enforced. Leaving this issue unaddressed may compromise the integrity and confidentiality of data in transit.
Affected Version(s)
Ktor: all versions from 0 up to, but not including, 2.3.5
References
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability reserved