python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
History

Sun, 08 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.4::el9
Vendors & Products Redhat
Redhat ansible Automation Platform

Mon, 19 Aug 2024 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:python-jose_project:python-jose:*:*:*:*:*:*:*:*
Vendors & Products Python-jose Project
Python-jose Project python-jose
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-25T00:00:00

Updated: 2024-09-03T19:34:19.749577

Reserved: 2024-04-25T00:00:00

Link: CVE-2024-33663

cve-icon Vulnrichment

Updated: 2024-08-19T07:38:26.262Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-26T00:15:09.010

Modified: 2024-11-21T09:17:21.073

Link: CVE-2024-33663

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-26T00:00:00Z

Links: CVE-2024-33663 - Bugzilla