7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-0114

GHSA ID

GHSA-jfxm-w8g2-4rcv

EPSS Score

0.99232%

CWE

CWE-347

Published

5/13/2022

Updated

10/14/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-0114

CVE-2018-0114:
Cisco node-jose improper validation of JWT signature

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-0114

GHSA ID

GHSA-jfxm-w8g2-4rcv

EPSS Score

0.99232%

CWE

CWE-347

Published

5/13/2022

Updated

10/14/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
node-jose	npm	< 0.11.0	0.11.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from automatic trust in JWS header-embedded JWK keys during verification. The changelog for 0.11.0 explicitly shows the addition of an 'allowEmbeddedKeys' option to control this behavior, indicating the verification function previously lacked this safeguard. The POC demonstrates header manipulation that would be processed by the verification flow, and CWE-347 confirms it's a signature validation issue. The verification function is the logical point where header JWK processing and signature checking intersect.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility in t** *is*o no**-jos* op*n sour** li*r*ry ***or* *.**.* *oul* *llow *n un*ut**nti**t**, r*mot* *tt**k*r to r*-si*n tok*ns usin* * k*y t**t is *m****** wit*in t** tok*n. T** vuln*r**ility is *u* to no**-jos* *ollowin* t** JSON W** Si*

Reasoning

T** vuln*r**ility st*ms *rom *utom*ti* trust in JWS *****r-*m****** JWK k*ys *urin* v*ri*i**tion. T** ***n**lo* *or *.**.* *xpli*itly s*ows t** ***ition o* *n '*llow*m******K*ys' option to *ontrol t*is ****vior, in*i**tin* t** v*ri*i**tion `*un*tion`

7.5

Basic Information

Concerned about an active attack path?

CVE-2018-0114: Cisco node-jose improper validation of JWT signature

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-0114:
Cisco node-jose improper validation of JWT signature

Vulnerability Intelligence
Miggo AI