Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-25898: Release CVE-2022-25898 Security fix in JWS and JWT validation · kjur/jsrsasign

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.

Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.

CVE
#js
  1. Releases
  2. 10.5.25
  • Changes from 10.5.24 to 10.5.25 (2022-Jun-23)
    • src/jws.js
      • JWS.verify and JWS.verifyJWT
        • CVE-2022-25898 SECURITY FIX:
          verify and verifyJWT may accept signature with special characters
          or \number characters by mistake.
          Please see security advisory:
          GHSA-3fvg-4v2m-98jf
    • src/base64x.js
      • function isBase64URLDot added
    • test/qunit-do-jwt-veri.html

Related news

GHSA-3fvg-4v2m-98jf: JWS and JWT signature validation vulnerability with special characters

### Impact Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. For example, even if a string of non Base64URL encoding characters such as `!@$%` or `\11` is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake. When jsrsasign's JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization. By our internal assessment, CVSS 3.1 score will be 7.5. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N ### Patches Users validate JWS or JWT signatures should upgrade to 10.5.25. ### Workarounds Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method. ### ACKNOWLEDGEMENT Thanks to Adi Malyanker and Or David for this vulnerability report...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907