Published: 25/10/2023 Updated: 31/10/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

jose4j before v0.9.3 allows malicious users to set a low iteration count of 1000 or less.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jose4j project jose4j

Debian Bug report logs - #1054872 libjose4j-java: CVE-2023-31582 Package: src:libjose4j-java; Maintainer for src:libjose4j-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 27 Oct 2023 21:00:01 UTC Severity: important Tags: secu ...

Synopsis Important: Red Hat AMQ Streams 260 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Streams 260 is now available from the Red Hat Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Important: Red Hat Data Grid 846 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid 8 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating ...

Synopsis Important: Red Hat build of Quarkus 2139 release and security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat build of QuarkusRed Hat Product Security has rated this update as having a security impact ofModerate A Common Vulnerability Scoring System (CVSS) base score, which gives ade ...

CWE-331 https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054872 https://nvd.nist.gov

CVE-2023-31582

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect