Lucene search

GitHub_MCVELIST:CVE-2023-23928

HistoryFeb 01, 2023 - 12:59 a.m.

CVE-2023-23928 reason-jose ignores signature checks

2023-02-0100:59:38

CWE-347

GitHub_M

www.cve.org

cwe-287

reasonml

authorization bypass

jose

vulnerability

patch

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

reason-jose is a JOSE implementation in ReasonML and OCaml.Jose.Jws.validate does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2.

CNA Affected

[
  {
    "vendor": "ulrikstrid",
    "product": "reason-jose",
    "versions": [
      {
        "version": "< 0.8.2",
        "status": "affected"
      }
    ]
  }
]

References

github.com/ulrikstrid/reason-jose/commit/36cd724db3cbec121757624da49072386bd869e5

github.com/ulrikstrid/reason-jose/releases/tag/v0.8.2

github.com/ulrikstrid/reason-jose/security/advisories/GHSA-7jj9-6qwv-wpm7

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for CVELIST:CVE-2023-23928