nvd-json-data-feeds/CVE-2024/CVE-2024-101xx/CVE-2024-10125.json

{
  "id": "CVE-2024-10125",
  "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
  "published": "2024-10-22T00:15:02.457",
  "lastModified": "2024-10-23T21:15:14.510",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The  Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature  contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any  ASP.NET https://dotnet.microsoft.com/apps/aspnet  Core deployment scenario, including Fargate, EKS, ECS, EC2, and Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity and an actor may be able to mimic valid OIDC-federated sessions to the ALB targets.\n\n\n\nThe repository/package has been deprecated, is end of life, and is no longer supported. As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate Tasks etc.) do not have public IP addresses. Ensure any forked or derivative code validate that the signer\u00a0attribute in the JWT match the ARN of the Application Load Balancer that the service is configured to use."
    },
    {
      "lang": "es",
      "value": "El repositorio Amazon.ApplicationLoadBalancer.Identity.AspNetCore https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contiene middleware que se puede utilizar junto con la integraci\u00f3n de OpenId Connect de Application Load Balancer (ALB) y se puede utilizar en cualquier escenario de implementaci\u00f3n de ASP.NET http://asp.net/ Core, incluidos Fargate, EKS, ECS, EC2 y Lambda. En el c\u00f3digo de manejo de JWT, realiza la validaci\u00f3n de la firma, pero no puede validar la identidad del emisor y el firmante de JWT. La omisi\u00f3n del firmante, si se combina con un escenario en el que el propietario de la infraestructura permite el tr\u00e1fico de Internet a los destinos de ALB (no es una configuraci\u00f3n recomendada), puede permitir la firma de JWT por parte de una entidad no confiable y un actor puede imitar sesiones federadas de OIDC v\u00e1lidas a los destinos de ALB."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "NONE",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "HIGH",
          "subsequentSystemIntegrity": "LOW",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-012/",
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"
    },
    {
      "url": "https://github.com/awslabs/aws-alb-identity-aspnetcore/security/advisories/GHSA-5gh5-cc5m-q244",
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"
    }
  ]
}