CVE-2019-13483
Auth0 Passport-SharePoint does not validate JWT signature
Severity: 7.3 HIGH (CVSS 3.1); EPSS 0.14%
Description
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
How to fix CVE-2019-13483
To remediate CVE-2019-13483, upgrade the affected package to the fixed version listed below.
- npm/passport-sharepoint: upgrade to 0.4.0 or later
Is CVE-2019-13483 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/passport-sharepoint: from 0, < 0.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |