
GHSA-4rr6-gf59-ggw5: namshi/jose - Verification bypass

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 5/17/2024
Updated: 5/17/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

Package Name: namshi/jose
Ecosystem: composer
Vulnerable Versions: < 2.2.0
First Patched Version: 2.2.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper algorithm validation during JWT verification. The library's JWS::verify method likely relied on the 'alg' value in the untrusted token's header to choose the verification method, rather than enforcing the algorithm the application expected. An attacker could therefore forge a token by declaring an HMAC algorithm (such as HS256) and using the server's public RSA or ECDSA key as the HMAC secret; a verifier that trusts the header then checks the HMAC with that same public key material and accepts the token. The high confidence in this analysis comes from the well-documented algorithm-confusion pattern in JWT libraries and from the patched version (2.2.0) indicating a fix in the verification logic.


WAF Protection Rules

WAF Rule

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (R
