2062877 – (CVE-2022-0931) CVE-2022-0931 3scale: claim restriction bypass via JWT algorithm switch

Bug 2062877 (CVE-2022-0931) - CVE-2022-0931 3scale: claim restriction bypass via JWT algorithm switch

Summary: CVE-2022-0931 3scale: claim restriction bypass via JWT algorithm switch

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-0931
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2062869
TreeView+	depends on / blocked

Reported:	2022-03-10 19:01 UTC by Chess Hazlett
Modified:	2024-02-12 09:42 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus to bypass security restrictions for the user.
Clone Of:
Environment:
Last Closed:	2024-02-08 21:28:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Chess Hazlett 2022-03-10 19:01:24 UTC

3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus to bypass security restrictions for the user.

Note You need to log in before you can comment on or make changes to this bug.