{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-23529", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2023-01-27T00:00:00", "dateRejected": "2023-01-27T00:00:00", "dateReserved": "2022-01-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-27T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none."}], "id": "CVE-2022-23529", "lastModified": "2023-11-07T03:44:12.440", "metrics": {}, "published": "2022-12-21T21:15:09.130", "references": [], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "jsonwebtoken: Insecure input validation in jwt.verify function", "id": "2159911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159911"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can perform remote code execution (RCE)."], "name": "CVE-2022-23529", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "noobaa-core-container", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-core-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2022-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23529\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23529\nhttps://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q"], "statement": "Red Hat Product Security does not consider this to be a vulnerability.", "upstream_fix": "jsonwebtoken 9.0.0"}