VIR Vulnerability Intelligence Relay

CVE-2024-21319

high
Published 2024-01-10 · Modified 2024-01-11
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVSS v2
VIR risk
8.0

Description

Important: .NET 6.0 security update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-0156.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-0152.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-0151.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0158.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0158

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0157.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0157

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0150.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2257566

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2255386

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2255384

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0150

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0157

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0150

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0158

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:0156

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:0152

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:0151

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
rockylinux rocky8fixed

Package impact
EcosystemPackageVulnerableFixed
nuget NuGetSystem.IdentityModel.Tokens.Jwt<5.7.05.7.0
nuget NuGetSystem.IdentityModel.Tokens.Jwt>=6.5.0,<6.34.06.34.0
nuget NuGetSystem.IdentityModel.Tokens.Jwt>=7.0.0-preview,<7.1.27.1.2
nuget NuGetMicrosoft.IdentityModel.JsonWebTokens<5.7.05.7.0
nuget NuGetMicrosoft.IdentityModel.JsonWebTokens>=6.5.0,<6.34.06.34.0
nuget NuGetMicrosoft.IdentityModel.JsonWebTokens>=7.0.0-preview,<7.1.27.1.2

References

Verify integrity in audit chain (admin only). AS-IS.