Lucene search
Veracode Vulnerability DatabaseVERACODE:29596HistoryMar 09, 2021 - 1:06 a.m.
Authentication Bypass
2021-03-0901:06:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
0.0004 Low
EPSS
Percentile
9.5%
botframework-connector is vulnerable to authentication bypass. The vulnerability exists as Skill claims found in the jwt token is not validated against the SkillValidation.isSkillClaim method.
References
github.com/advisories/GHSA-fvcj-hvfw-7f2v
github.com/microsoft/botbuilder-js/commit/37c938ce08b209c8943460de7fcd78a86351c0d4
github.com/microsoft/botbuilder-python/commit/7c4dedec6a11b23ee15617e15e0af9f0961cf46b
github.com/microsoft/botbuilder-python/security/advisories/GHSA-cqff-fx2x-p86v
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1725
Related
osv
osv
botframework-connector vulnerable to Improper Authentication
2021-03-08 15:49:53
Improper Authentication
2021-03-08 15:50:10
PYSEC-2021-422
2021-01-12 20:15:00
github
github
botframework-connector vulnerable to Improper Authentication
2021-03-08 15:49:53
nvd
nvd
CVE-2021-1725
2021-01-12 20:15:35
cvelist
cvelist
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability
2021-01-12 19:42:47
cve
cve
CVE-2021-1725
2021-01-12 20:15:35
mscve
mscve
Bot Framework SDK Information Disclosure Vulnerability
2021-01-12 08:00:00
nodejs
nodejs
Improper Authentication
2021-03-08 15:57:38
prion
prion
Information disclosure
2021-01-12 20:15:00
kaspersky
kaspersky
KLA12040 Multiple vulnerability in Microsoft Developer Tools
2021-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2021
2021-01-12 23:59:00