What is CVE-2020-26244?

CVE-2020-26244 is a medium-severity vulnerability in Openidc Pyoidc, classified under Missing Cryptographic Step. CVSS score: 6.8/10. Published 2020-12-02.

How severe is CVE-2020-26244?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Openidc Pyoidc

CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algori…

EPSS: 0.002 (43.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Openidc Pyoidc — versions < 1.2.1

Weakness classification (CWE)

References

github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg (x_refsource_CONFIRM)
pypi.org/project/oic/ (x_refsource_MISC)
github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498 (x_refsource_MISC)
github.com/OpenIDC/pyoidc/releases/tag/1.2.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26244?: CVE-2020-26244 is a medium-severity vulnerability in Openidc Pyoidc, classified under Missing Cryptographic Step. CVSS score: 6.8/10. Published 2020-12-02.
How severe is CVE-2020-26244?: Medium severity. CVSS v3 base score is 6.8 out of 10.