CVE-2015-9235 - Vulnerability Details - OpenCVE

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.33525.

Key SSVC decision points have not yet been added.

Vendors	Products
Auth0	Jsonwebtoken

Configuration 1 [-]

cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:*

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-c7hr-j4mj-j2w6	Verification Bypass in jsonwebtoken

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
https://nodesecurity.io/advisories/17
https://nvd.nist.gov/vuln/detail/CVE-2015-9235
https://www.cve.org/CVERecord?id=CVE-2015-9235
https://www.timmclean.net/2015/02/25/jwt-alg-none.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-29T20:00:00Z

Updated: 2024-09-16T23:05:54.010Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2015-9235

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-29T20:29:00.330

Modified: 2024-11-21T02:40:07.100

Link: CVE-2015-9235

Redhat

Severity : Important

Publid Date: 2018-03-31T00:00:00Z

Links: CVE-2015-9235 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "jsonwebtoken node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "<4.2.2"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-30T12:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/17"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687"}, {"tags": ["x_refsource_MISC"], "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2015-9235", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "jsonwebtoken node module", "version": {"version_data": [{"version_value": "<4.2.2"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation (CWE-20)"}]}]}, "references": {"reference_data": [{"name": "https://nodesecurity.io/advisories/17", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/17"}, {"name": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687", "refsource": "MISC", "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687"}, {"name": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", "refsource": "MISC", "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"}, {"name": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html", "refsource": "MISC", "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:43:41.633Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nodesecurity.io/advisories/17"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2015-9235", "datePublished": "2018-05-29T20:00:00Z", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-09-16T23:05:54.010Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "D90A8240-8BE4-4F66-A105-1966D8DE336A", "versionEndExcluding": "4.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)."}, {"lang": "es", "value": "En el m\u00f3dulo jsonwebtoken node en versiones anteriores a la 4.2.2 es posible que un atacante omita la verificaci\u00f3n cuando un token firmado digitalmente con una clave asim\u00e9trica (familia RS/ES) de algoritmos pero, en su lugar, el atacante env\u00eda un token firmado digitalmente con un algoritmo sim\u00e9trico (familia HS*)."}], "id": "CVE-2015-9235", "lastModified": "2024-11-21T02:40:07.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-29T20:29:00.330", "references": [{"source": "support@hackerone.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/17"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.timmclean.net/2015/02/25/jwt-alg-none.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}