PT-2023-30748 · Joaquimserafim · Jsonwebtoken

Pinkdraconian · Published 2023-11-17 · Updated 2023-11-29 · CVE-2023-48238

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

joaquimserafim/json-web-token (affected versions not specified)

Description

The json-web-token library is vulnerable to a JWT algorithm confusion attack. The library takes the algorithm used to verify the token's signature from the JWT itself, which at that point is still unverified and so must not be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT that specifies the HS256 algorithm and is signed with the public RSA key of the victim application. The attack only works against this library if the RS256 algorithm is in use, which is considered a best practice.

Recommendations

To resolve this issue, either of the following solutions can be applied:
  1. Change the signature of the decode function to ensure that the algorithm is set in that call.
  2. Check whether or not the secret could be a public key in the decode function and, in that case, set the key to be a public key.
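
The flawed pattern from the description next to a verifier that applies recommendation 1 and a stricter variant of recommendation 2 (it refuses public-key material as an HMAC secret instead of converting it). This is an added example, not code from the json-web-token project: the function names are hypothetical, and the key pair and tokens are constructed at run time with Node's built-in `crypto` module.

```javascript
// Added example; hypothetical helpers, not the json-web-token API.
const crypto = require('crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Build a compact HS256 or RS256 token for the demonstration.
function sign(payload, key, alg) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key);
  return `${input}.${sig.toString('base64url')}`;
}

// Split a token and read the (still unverified) alg field from its header.
function parse(token) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) throw new Error('malformed token');
  const { alg } = JSON.parse(Buffer.from(h, 'base64url').toString());
  return { alg, input: `${h}.${p}`, sig: Buffer.from(s, 'base64url') };
}

function checkSignature(alg, input, sig, key) {
  if (alg === 'HS256') {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  }
  if (alg === 'RS256') return crypto.verify('sha256', Buffer.from(input), key, sig);
  return false;
}

// Flawed pattern from the description: the header chooses the algorithm.
function verifyTrustingHeader(token, key) {
  const { alg, input, sig } = parse(token);
  return checkSignature(alg, input, sig, key);
}

// Recommendation 1: the caller pins the algorithm and the header must match it.
// Variant of recommendation 2: public-key material is refused as an HMAC secret.
function verifyPinned(token, key, expectedAlg) {
  const { alg, input, sig } = parse(token);
  if (alg !== expectedAlg) return false;
  if (alg === 'HS256' && /-----BEGIN (RSA )?PUBLIC KEY-----/.test(String(key))) return false;
  return checkSignature(alg, input, sig, key);
}

// Constructed sample data: a throwaway RSA key pair generated at run time.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const publicPem = publicKey.export({ type: 'spki', format: 'pem' });
const genuine = sign({ sub: 'alice' }, privateKey, 'RS256');
const confused = sign({ sub: 'alice' }, publicPem, 'HS256'); // token shape the advisory describes
```

With the application's public key as the verification key, `verifyTrustingHeader` accepts both `genuine` and `confused`, while `verifyPinned(..., 'RS256')` accepts only `genuine`.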

Exploit

Fix

Insufficient Verification of Data Authenticity

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-48238
GHSA-4XW9-CX39-R355

Affected Products

Jsonwebtoken