Quan Nguyen

**Name of the Vulnerable Software and Affected Versions** Connect2id Nimbus JOSE+JWT versions prior to 9.37.2 Confluence Data Center and Server versions prior to 7.19.23 Confluence Data Center and Server versions prior to 8.5.11 Confluence Data Center and Server versions prior to 8.6.2 Confluence Data Center and Server versions prior to 8.7.2 Confluence Data Center and Server versions prior to 8.9.3 Bamboo Data Center and Server versions prior to 9.2.15 Bamboo Data Center and Server versions prior to 9.4.3 Bamboo Data Center and Server versions prior to 9.5.3 Bamboo Data Center and Server versions prior to 9.6.3 **Description** The issue is related to the PasswordBasedDecrypter (PBKDF2) component in Connect2id Nimbus JOSE+JWT. An attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count). This allows an unauthenticated attacker to expose assets in the environment susceptible to exploitation, with no impact to confidentiality, no impact to integrity, and high impact to availability, requiring no user interaction. **Recommendations** For Connect2id Nimbus JOSE+JWT versions prior to 9.37.2, upgrade to version 9.37.2 or later. For Confluence Data Center and Server versions prior to 7.19.23, upgrade to version 7.19.23 or later. For Confluence Data Center and Server versions prior to 8.5.11, upgrade to version 8.5.11 or later. For Confluence Data Center and Server versions prior to 8.6.2, upgrade to version 8.6.2 or later. For Confluence Data Center and Server versions prior to 8.7.2, upgrade to version 8.7.2 or later. For Confluence Data Center and Server versions prior to 8.9.3, upgrade to version 8.9.3 or later. For Bamboo Data Center and Server versions prior to 9.2.15, upgrade to version 9.2.15 or later. For Bamboo Data Center and Server versions prior to 9.4.3, upgrade to version 9.4.3 or later. For Bamboo Data Center and Server versions prior to 9.5.3, upgrade to version 9.5.3 or later. For Bamboo Data Center and Server versions prior to 9.6.3, upgrade to version 9.6.3 or later.

**Name of the Vulnerable Software and Affected Versions** go-jose versions prior to 1.0.4 **Description** The issue arises from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, the received public key on a message is not checked to be on the same curve as the static private key of the receiver. This allows an attacker to mount an invalid curve attack during decryption. **Recommendations** For go-jose versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider validating the curve of the received public key against the receiver's private key curve before proceeding with the ECDH-ES algorithm. Restrict access to the ECDH-ES functionality until the update is applied to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** go-jose versions prior to 1.1.0 go-jose versions prior to 1.0.4 **Description** The go-jose library is affected by an issue related to multiple signatures exploitation. When validating a signed message, the API does not indicate which signature is valid. This could lead to confusion, as users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated. **Recommendations** For go-jose versions prior to 1.0.4, update to version 1.0.4 or later. For go-jose versions prior to 1.1.0, update to version 1.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** go-jose versions prior to 1.0.5 **Description** The issue concerns an integer overflow in CBC-HMAC on 32-bit architectures, potentially leading to authentication bypass for CBC-HMAC encrypted ciphertexts. On 32-bit platforms, an attacker can manipulate ciphertext encrypted with AES-CBC with HMAC, allowing control over the input buffer size when computing the HMAC authentication tag. This could enable a manipulated ciphertext to be verified as authentic, making it vulnerable to padding oracle attacks. **Recommendations** For go-jose versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of CBC-HMAC encryption on 32-bit architectures until the update is applied.