Vulnerability Description
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Identitymodel Project | Identitymodel | < 1.3.0 |
References
- https://github.com/scottbrady91/IdentityModel/compare/1.2.0...1.3.0 (Patch, Release Notes, Third Party Advisory)
- https://github.com/scottbrady91/IdentityModel/issues/3 (Broken Link, Issue Tracking, Third Party Advisory)
- https://github.com/scottbrady91/IdentityModel/issues/4 (Broken Link, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2020-36255?
CVE-2020-36255 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
How severe is CVE-2020-36255?
CVE-2020-36255 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-36255?
Check the references section above for vendor advisories and patch information. Affected products include: Identitymodel Project Identitymodel (versions < 1.3.0).