Vulnerability in Apache Cxf
CVE-2019-12423
Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the publ…
EPSS: 0.012 (79.0th percentile)
Affected products
- Apache Cxf: all versions of Apache CXF prior to 3.3.5 and 3.2.12.
Public proof-of-concept exploits
References
- [announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
- cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc (x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuoct2020.html (x_refsource_MISC)
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
- [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2019-12423?
- CVE-2019-12423 is a vulnerability in Apache Cxf. Published 2020-01-16.
- Is CVE-2019-12423 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.