admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-32631 for GHSA-fjq8-896w-pv28

Browse Source
This commit is contained in:
Shelby J. Cunningham 2021-07-26 11:14:13 -04:00
parent d2ba57778d
commit bf85ab5506
No known key found for this signature in database
GPG Key ID: 0781D7D998EB82AA
1 changed files with 86 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2021/32xxx/CVE-2021-32631.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "JSON Web Tokens not properly verified"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "common",
"version": {
"version_data": [
{
"version_value": "< 3b96cb0293d3443b870351945f41d7d55cb34b53"
}
]
}
}
]
},
"vendor_name": "nimble-platform"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Common is a package of common modules that can be accessed by NIMBLE services. Common before commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 did not properly verify the signature of JSON Web Tokens. This allows someone to forge a valid JWT. Being able to forge JWTs may lead to authentication bypasses. Commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 contains a patch for the issue. As a workaround, one may use the parseClaimsJws method to correctly verify the signature of a JWT."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nimble-platform/common/security/advisories/GHSA-fjq8-896w-pv28",
"refsource": "CONFIRM",
"url": "https://github.com/nimble-platform/common/security/advisories/GHSA-fjq8-896w-pv28"
},
{
"name": "https://github.com/nimble-platform/common/commit/12197a755bd524559bf4e16475595a2c6fcd34db",
"refsource": "MISC",
"url": "https://github.com/nimble-platform/common/commit/12197a755bd524559bf4e16475595a2c6fcd34db"
},
{
"name": "https://github.com/nimble-platform/common/commit/3b96cb0293d3443b870351945f41d7d55cb34b53",
"refsource": "MISC",
"url": "https://github.com/nimble-platform/common/commit/3b96cb0293d3443b870351945f41d7d55cb34b53"
},
{
"name": "https://github.com/nimble-platform/common/commit/a59ad46733912a5580530e39cac0e6ebc83cc563",
"refsource": "MISC",
"url": "https://github.com/nimble-platform/common/commit/a59ad46733912a5580530e39cac0e6ebc83cc563"
}
]
},
"source": {
"advisory": "GHSA-fjq8-896w-pv28",
"discovery": "UNKNOWN"
}
}