公告ID: KYLIN-2019-14823
安全等级: 重要
产品: Kylin V3
发布日期: 2019年10月14日
CVE: CVE-2019-14823
CVSS3评分: 6.8
概述:
描述:
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. 系统版本:
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
受影响包列表:
jss
jss
pki-core:10.6/jss