Auth0 Security Bulletin CVE-2019-13483
CVE number: CVE-2019-13483
Versions of Passport-SharePoint prior to 0.4.0 do not validate the JWT signature of an Access Token before processing.
This vulnerability allows attackers to forge tokens and bypass authentication and authorization mechanisms.
Am I affected?
You are affected by this vulnerability if you use a Passport-SharePoint version earlier than 0.4.0.
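To apply the version condition above to a project, the following added example (not part of Auth0's bulletin or of the library's code) scans a parsed package-lock.json, in either the nested lockfileVersion 1 layout or the flat lockfileVersion 2/3 layout, for passport-sharepoint installs older than 0.4.0. The sample lockfiles, the demo-app and legacy-auth names, and every version number other than 0.4.0 are constructed for illustration.

```javascript
// Added example: flag passport-sharepoint installs older than 0.4.0 in a lockfile.
const PKG = 'passport-sharepoint';
const FIXED = [0, 4, 0]; // first version the bulletin lists as not affected

function isOlderThanFixed(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true; // git URL, tarball or missing version: flag for manual review
  const got = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (got[i] !== FIXED[i]) return got[i] < FIXED[i];
  }
  return m[4] === '-'; // a prerelease such as 0.4.0-beta sorts before 0.4.0
}

function findInstalls(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/' + PKG || path.endsWith('/node_modules/' + PKG)) {
      hits.push({ path, version: info.version });
    }
  }
  if (hits.length) return hits; // v2 repeats the data under "dependencies"
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === PKG) hits.push({ path, version: info.version });
      walk(info.dependencies, path + '/');
    }
  })(lock.dependencies, '');
  return hits;
}

function affectedInstalls(lock) {
  return findInstalls(lock).filter((h) => isOlderThanFixed(h.version));
}

// Constructed sample lockfiles (hypothetical package names and versions)
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/passport-sharepoint': { version: '0.3.1' },
  'node_modules/legacy-auth/node_modules/passport-sharepoint': { version: '0.4.0' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'legacy-auth': { version: '2.0.0',
    dependencies: { 'passport-sharepoint': { version: '0.2.0' } } },
} };

console.log(affectedInstalls(sampleV3), affectedInstalls(sampleV1));
```

For a real project, pass the object obtained by parsing its package-lock.json to affectedInstalls; transitive copies nested under other packages are reported with their full install path.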
How do I fix this?
Developers using the Passport-SharePoint library must upgrade to version
Please note that Auth0 has deprecated and will no longer maintain this library. Developers should plan to discontinue its use.
Will this update impact my users?
No. This fix patches the library that your application runs, but it will not impact your users, their current state, or any existing sessions.