
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. • https://github.com/user0x1337/CVE-2022-39227 https://github.com/NoSpaceAvailable/CVE-2022-39227 https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9 https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt • CWE-290: Authentication Bypass by Spoofing •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as the HMAC verification secret, account registration and default user roles can be updated, which could result in site takeover. • https://wpscan.com/vulnerability/6f015e8e-462b-4ef7-a9a1-bb91e7d28e37 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function, which "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation. • https://plugins.trac.wordpress.org/changeset/2613782 https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb • CWE-326: Inadequate Encryption Strength CWE-330: Use of Insufficiently Random Values •

CVSS: 4.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as the key have their tokens issued and validated using the file path as the hashing key instead of the file contents. The HMAC hashing functions accept any string as input and, since users can still issue and validate tokens, users are led to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecate `Lcobucci\JWT\Signer\Key\LocalFileReference`, and suggest `Lcobucci\JWT\Signer\Key\InMemory` as the alternative. As a workaround, use `Lcobucci\JWT\Signer\Key\InMemory` instead of `Lcobucci\JWT\Signer\Key\LocalFileReference` to create the instances of one's keys. • https://github.com/lcobucci/jwt/commit/8175de5b841fbe3fd97d2d49b3fc15c4ecb39a73 https://github.com/lcobucci/jwt/commit/c45bb8b961a8e742d8f6b88ef5ff1bd5cca5d01c https://github.com/lcobucci/jwt/security/advisories/GHSA-7322-jrq4-x5hf • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations where m["aud"] is []string{} (which is allowed by the specification). Because the type assertion fails, "" becomes the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass: if m["aud"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". • https://github.com/dgrijalva/jwt-go/pull/426 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 https://access.redhat.com/security/cve/CVE-2020-26160 https://bugzilla.redhat.com/show_bug.cgi?id=1883371 • CWE-284: Improper Access Control CWE-287: Improper Authentication CWE-755: Improper Handling of Exceptional Conditions •