CVE-2019-1006
- Source
- https://cve.org/CVERecord?id=CVE-2019-1006
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1006.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-1006
- Published
- 2019-07-15T19:15:16.390Z
- Modified
- 2026-04-10T04:13:38.621075Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
- References
Affected packages
Git / github.com/powershell/powershell
Affected versions
v0.*
v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v6.*
v6.0.0-alpha.10
v6.0.0-alpha.11
v6.0.0-alpha.12
v6.0.0-alpha.13
v6.0.0-alpha.16
v6.0.0-alpha.17
v6.0.0-alpha.18
v6.0.0-alpha.7
v6.0.0-alpha.9
v6.0.0-beta.1
v6.0.0-beta.2
v7.*
v7.0.0
v7.0.0-preview.6
v7.0.0-rc.1
v7.0.0-rc.2
v7.0.0-rc.3
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0-sp2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0-sp2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.7.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.5.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.5.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.7.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.7.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2013-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2016"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2010-sp2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2013-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2019"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1607"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1703"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1709"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1803"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1809"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1903"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "r2-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "r2-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "r2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1803"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1903"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1006.json"