ASA-202106-56 - log

ASA-202106-56 edited at 24 Jun 2021 16:21:48
Workaround
- CVE-2021-29157 can be mitigated by disabling local JWT validation in oauth2, or using a different dict driver than fs:posix. No known workaround exists for CVE-2021-33515.
+ CVE-2021-29157 can be mitigated by disabling local JWT validation in
+ oauth2, or using a different dict driver than fs:posix. No known
+ workaround exists for CVE-2021-33515.
ASA-202106-56 edited at 22 Jun 2021 13:50:56
Impact
- A remote attacker could disclose user credentials and emails through a man-in-the-middle attack on STARTTLS. A local attacker with write access to the local disk could disclose other users' emails.
+ A remote authenticated attacker or a local attacker with write access to the disk could disclose user credentials and emails.
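Review bot: the replacement Impact sentence folds the remote and local attackers into one clause, so the local case now reads as disclosing user credentials as well, where the removed line limited it to other users' emails. It also drops the man-in-the-middle on STARTTLS precondition in favour of "authenticated" without saying why, and neither version states which of CVE-2021-29157 and CVE-2021-33515 each attacker relates to. Suggest one sentence per CVE, each with its own precondition and the data exposed, so the Impact field lines up with the per-CVE wording of the Workaround field.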
ASA-202106-56 edited at 22 Jun 2021 13:49:54
ASA-202106-56 edited at 22 Jun 2021 13:46:54
Workaround
+ CVE-2021-29157 can be mitigated by disabling local JWT validation in oauth2, or using a different dict driver than fs:posix. No known workaround exists for CVE-2021-33515.
Impact
+ A remote attacker could disclose user credentials and emails through a man-in-the-middle attack on STARTTLS. A local attacker with write access to the local disk could disclose other users' emails.
ASA-202106-56 created at 22 Jun 2021 13:44:20