CVE-2017-12972 (GCVE-0-2017-12972)

Vulnerability from cvelistv5 – Published: 2017-08-20 16:00 – Updated: 2024-08-05 18:51
VLAI
Summary
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
Severity
7.5 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE
  • n/a
Assigner
References
Date Public
2017-08-20 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
          },
          {
            "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-16T01:06:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
        },
        {
          "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
            },
            {
              "name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
            },
            {
              "name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12972",
    "datePublished": "2017-08-20T16:00:00.000Z",
    "dateReserved": "2017-08-20T00:00:00.000Z",
    "dateUpdated": "2024-08-05T18:51:07.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-12972",
      "date": "2026-06-18",
      "epss": "0.00888",
      "percentile": "0.54612"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3D2BDED-6749-4862-9D2D-54D871BDC8F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C7AD668-E307-4B4A-9BE8-E837DE4F717C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAF9F006-8B1B-4448-8778-423A6A1F3DC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7206DFE0-70A4-4E06-BE7F-D8FA8C62A094\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A91050A7-FAE4-4080-B53C-F77420CBF9FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7E63FFD-9C37-4AFD-843E-2ED4235EE399\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFC1A72-B7A1-42D3-BA3E-C009F041692D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7891E427-B4D0-4E4A-9F5B-4A9122B72ED4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3A76765-2D77-4C79-9E0E-B6A613835F51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEC445F4-0859-4287-A22F-361CB2F3D037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84BA3A10-0631-41B3-930E-D56A0AE6A273\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A5B2D3A-EEF6-4147-A779-44E02AB395C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71010D0A-F4E0-4935-8809-F8E995BFA86C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41465ADD-A6B9-4F80-80EF-B636997EA707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9F8CA64-C93D-43E4-8EB4-3D4797008DF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36364548-4CE5-467A-BA83-5E742AB2593C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46518146-4629-4ACD-B313-339BCB30F1A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45973290-BB00-4376-A965-1A49CAC438E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE1BAB53-F7B9-4D29-88AA-C661E7899CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0193A1C-E481-401C-B6EB-AC519FD26B67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB7B82D5-29EE-422D-B1E4-B3F6397307F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2848658B-357A-4DAF-9B03-ACFBC3FAF0EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB464C1-DA4B-44ED-A412-810B9AA189E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"431AD7BC-0959-4FEB-955A-9D194224DFB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4063DCC0-C019-49B2-8FBC-3C6E002D271B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A58E19F-C057-45FD-AB6D-8E0B3C3435F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2634E6C8-BC82-4108-B56D-A54215D5CBEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848C9121-0AD9-48CC-AFEF-A31F31486F3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"396692A2-8D0D-41FB-AC89-860113B5095E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB27BDBF-0174-49F3-9E0B-763C3295ED5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43B070AE-3C83-45BA-BA17-23CF14C01BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62E42F44-32C1-42C4-95AE-6B39CBE8215E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03B6591B-133D-4D26-975E-CB7BACAAAB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B43E0F8B-851B-47DE-9756-93B7F289C853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"899B28A8-9399-4D4A-A148-3D6A370235E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB4503D-6395-419E-A114-B919C80C676C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38364B69-9544-4DFE-8005-257966E0A118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2877D83-1126-40CF-B537-6A59E79B4432\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A94B0B2A-D953-448E-895E-7B64EC527A48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48EA3A68-BB92-40C8-A499-3A355CC0C2BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8918A7A3-0CBA-4CA2-9F6D-EA077747E004\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C686C25-7B32-4100-8A45-A74F71DBAE58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D27567-5D24-4213-B02E-49F17F738D5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D22B26BE-378A-4A19-BF62-C88236D798D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3184E5FE-9689-4036-84A5-96E368EFA4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"080D89F9-2CC0-44C7-A23D-268658708AA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F362B31F-A7A0-4BEF-A51D-51A7E465486D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E57CA1D-10EE-4C07-A67A-52B9AAA95335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F422D307-57B2-4FA5-814C-441E5C229159\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96DA3D0D-7782-42DA-AAA2-DE44B2B67360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"978B4A23-8F2F-494C-957B-BCFD72FAD731\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0985B2D-A96C-484A-B693-54C746024386\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A722D35B-1B21-42BC-A408-7437C9CEC5FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB5F53D-F786-45C5-A3E6-D20501F6AE41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F095DBDD-265E-4603-868E-8C4E3DCD5532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38CD047F-EFC2-47CE-A405-B107EEDCC46C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"963A6125-A5D7-4113-83D6-2C3C88F241B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41D46507-7624-446D-B75C-F1D2F9716EEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D76BC618-1F55-4FCB-A97C-616AC36F3C58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6912C07-AF3F-44F4-964C-419C5AC1C8B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCF903D4-539F-4AA6-A30E-52022F06B8B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1B7AA70-C87D-4900-8DD6-A522A47EDDF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7927D451-07DB-4414-99DB-80DD9598F2EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"874C9354-4C0B-4F05-8B04-196ECFF983B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F309097C-98E3-467E-A1ED-92C25620F54A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72AA6D9F-DD84-42A8-88E5-FDF049722825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12957562-6B96-4482-A4DB-A08B396F3B65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1B0E66-5556-4F95-9B65-EF7235A5F249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99DE57AC-021B-432D-AC88-5233E79CA3E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D71EC2F3-E793-48A4-956A-B9E097ED4FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10E92D26-7241-453C-A72B-134EAFE123C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB0A69F-E99A-4E9F-9533-3B0498CE0F62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBD474EC-34E4-480E-A6D6-E38AA45A024E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D5DC51A-99A4-4F80-A969-08CD423576EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A46F965D-BF09-4834-80B1-3BD43B5319AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD3F3776-7963-4FF2-8E14-8530F8DF5B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEBB3337-A2BB-4795-8500-4A7DA2513B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"284AD842-9C1D-4B59-A265-55F86F4B6F36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CF725FA-FC45-45F4-8109-796CC0D56D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"085AA1DF-FB71-4663-BF34-E91180FC3822\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68601D0B-E05A-478F-AB8B-61432036DC43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB3F14BD-7BE0-42EE-A895-804DCAD108C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"561929A8-4D82-429E-908F-DECA493F3237\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED7261E1-4125-45C7-980D-256950A7B886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86416AA0-CCD5-4780-8A41-724C7AAC9A79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"247027A4-E5EA-4584-9A3E-8F62987123D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69E0DB99-22D1-4AE4-BD9F-78F55D19D400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CB4D8B7-F73E-4B38-86A3-0656E6A2191F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07686354-6652-4FFE-9BBC-905F8AD5632F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77C8B71-BC12-4645-AB1C-893F28F07414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C72D36D-2E37-446C-AE45-1433F2BF6449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"149B96B8-1DEB-4620-8C2D-D03A593D5ACB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A3D07E-40B7-4730-A666-640FE212A964\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77A42AAD-E7BA-434C-816E-9C606AE66CE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5095CB6A-7159-498D-9E0A-36245B7D7EB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BFDA0B1-1B68-49CE-9AF2-FD8F62441317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17270178-8541-412C-AE9D-7ADE694DB39C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE6ECBB9-F71E-4E04-8C1E-349650DE2F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6AFDEAF-CD55-495A-9B12-F131FE454FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A39BB9C-2183-45DA-8236-D31125B447BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D62612F6-5774-4EAA-ACC1-A837256163FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FDB6684-DF68-4334-ADB4-484731DAEE61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"842555FA-61DC-40C1-AE26-319E10D63D52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D15C6517-0B9B-4C36-BD34-80D7803FACCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3BAF720-023A-4563-AD85-6CB70772A02F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.36.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B1995BF-76DB-4DC9-8FBA-824D8C4793EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD399CAD-D6DB-4FED-B537-C857D40D0BB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26AE6158-7F92-4873-A0E4-CC9701F6CA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.\"}, {\"lang\": \"es\", \"value\": \"En Nimbus JOSE+JWT en versiones anteriores a la 4.39 no hay comprobaci\\u00f3n de desbordamiento de enteros al convertir valores de longitud de bytes a bits, lo que permite que atacantes lleven a cabo ataques de omisi\\u00f3n HMAC mediante el cambio de Additional Authenticated Data (AAD) y texto cifrado. As\\u00ed, se obtiene texto plano diferente a partir del mismo HMAC.\"}]",
      "id": "CVE-2017-12972",
      "lastModified": "2024-11-21T03:10:33.007",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-20T16:29:00.237",
      "references": "[{\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12972\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-20T16:29:00.237\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.\"},{\"lang\":\"es\",\"value\":\"En Nimbus JOSE+JWT en versiones anteriores a la 4.39 no hay comprobaci\u00f3n de desbordamiento de enteros al convertir valores de longitud de bytes a bits, lo que permite que atacantes lleven a cabo ataques de omisi\u00f3n HMAC mediante el cambio de Additional Authenticated Data (AAD) y texto cifrado. As\u00ed, se obtiene texto plano diferente a partir del mismo HMAC.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D2BDED-6749-4862-9D2D-54D871BDC8F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C7AD668-E307-4B4A-9BE8-E837DE4F717C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF9F006-8B1B-4448-8778-423A6A1F3DC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7206DFE0-70A4-4E06-BE7F-D8FA8C62A094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A91050A7-FAE4-4080-B53C-F77420CBF9FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E63FFD-9C37-4AFD-843E-2ED4235EE399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFC1A72-B7A1-42D3-BA3E-C009F041692D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7891E427-B4D0-4E4A-9F5B-4A9122B72ED4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A76765-2D77-4C79-9E0E-B6A613835F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC445F4-0859-4287-A22F-361CB2F3D037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BA3A10-0631-41B3-930E-D56A0AE6A273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5B2D3A-EEF6-4147-A779-44E02AB395C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71010D0A-F4E0-4935-8809-F8E995BFA86C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41465ADD-A6B9-4F80-80EF-B636997EA707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F8CA64-C93D-43E4-8EB4-3D4797008DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36364548-4CE5-467A-BA83-5E742AB2593C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46518146-4629-4ACD-B313-339BCB30F1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45973290-BB00-4376-A965-1A49CAC438E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1BAB53-F7B9-4D29-88AA-C661E7899CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0193A1C-E481-401C-B6EB-AC519FD26B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7B82D5-29EE-422D-B1E4-B3F6397307F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2848658B-357A-4DAF-9B03-ACFBC3FAF0EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB464C1-DA4B-44ED-A412-810B9AA189E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"431AD7BC-0959-4FEB-955A-9D194224DFB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4063DCC0-C019-49B2-8FBC-3C6E002D271B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A58E19F-C057-45FD-AB6D-8E0B3C3435F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2634E6C8-BC82-4108-B56D-A54215D5CBEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C9121-0AD9-48CC-AFEF-A31F31486F3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"396692A2-8D0D-41FB-AC89-860113B5095E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB27BDBF-0174-49F3-9E0B-763C3295ED5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43B070AE-3C83-45BA-BA17-23CF14C01BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E42F44-32C1-42C4-95AE-6B39CBE8215E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B6591B-133D-4D26-975E-CB7BACAAAB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43E0F8B-851B-47DE-9756-93B7F289C853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"899B28A8-9399-4D4A-A148-3D6A370235E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB4503D-6395-419E-A114-B919C80C676C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38364B69-9544-4DFE-8005-257966E0A118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2877D83-1126-40CF-B537-6A59E79B4432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A94B0B2A-D953-448E-895E-7B64EC527A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EA3A68-BB92-40C8-A499-3A355CC0C2BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8918A7A3-0CBA-4CA2-9F6D-EA077747E004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C686C25-7B32-4100-8A45-A74F71DBAE58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D27567-5D24-4213-B02E-49F17F738D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D22B26BE-378A-4A19-BF62-C88236D798D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3184E5FE-9689-4036-84A5-96E368EFA4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"080D89F9-2CC0-44C7-A23D-268658708AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F362B31F-A7A0-4BEF-A51D-51A7E465486D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E57CA1D-10EE-4C07-A67A-52B9AAA95335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F422D307-57B2-4FA5-814C-441E5C229159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DA3D0D-7782-42DA-AAA2-DE44B2B67360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"978B4A23-8F2F-494C-957B-BCFD72FAD731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0985B2D-A96C-484A-B693-54C746024386\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A722D35B-1B21-42BC-A408-7437C9CEC5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB5F53D-F786-45C5-A3E6-D20501F6AE41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F095DBDD-265E-4603-868E-8C4E3DCD5532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CD047F-EFC2-47CE-A405-B107EEDCC46C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"963A6125-A5D7-4113-83D6-2C3C88F241B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D46507-7624-446D-B75C-F1D2F9716EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D76BC618-1F55-4FCB-A97C-616AC36F3C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6912C07-AF3F-44F4-964C-419C5AC1C8B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF903D4-539F-4AA6-A30E-52022F06B8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B7AA70-C87D-4900-8DD6-A522A47EDDF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7927D451-07DB-4414-99DB-80DD9598F2EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"874C9354-4C0B-4F05-8B04-196ECFF983B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309097C-98E3-467E-A1ED-92C25620F54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72AA6D9F-DD84-42A8-88E5-FDF049722825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12957562-6B96-4482-A4DB-A08B396F3B65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1B0E66-5556-4F95-9B65-EF7235A5F249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99DE57AC-021B-432D-AC88-5233E79CA3E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D71EC2F3-E793-48A4-956A-B9E097ED4FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E92D26-7241-453C-A72B-134EAFE123C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB0A69F-E99A-4E9F-9533-3B0498CE0F62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD474EC-34E4-480E-A6D6-E38AA45A024E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D5DC51A-99A4-4F80-A969-08CD423576EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46F965D-BF09-4834-80B1-3BD43B5319AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3F3776-7963-4FF2-8E14-8530F8DF5B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBB3337-A2BB-4795-8500-4A7DA2513B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"284AD842-9C1D-4B59-A265-55F86F4B6F36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CF725FA-FC45-45F4-8109-796CC0D56D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085AA1DF-FB71-4663-BF34-E91180FC3822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68601D0B-E05A-478F-AB8B-61432036DC43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB3F14BD-7BE0-42EE-A895-804DCAD108C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561929A8-4D82-429E-908F-DECA493F3237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED7261E1-4125-45C7-980D-256950A7B886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86416AA0-CCD5-4780-8A41-724C7AAC9A79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"247027A4-E5EA-4584-9A3E-8F62987123D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E0DB99-22D1-4AE4-BD9F-78F55D19D400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB4D8B7-F73E-4B38-86A3-0656E6A2191F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07686354-6652-4FFE-9BBC-905F8AD5632F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77C8B71-BC12-4645-AB1C-893F28F07414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C72D36D-2E37-446C-AE45-1433F2BF6449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"149B96B8-1DEB-4620-8C2D-D03A593D5ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A3D07E-40B7-4730-A666-640FE212A964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A42AAD-E7BA-434C-816E-9C606AE66CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5095CB6A-7159-498D-9E0A-36245B7D7EB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFDA0B1-1B68-49CE-9AF2-FD8F62441317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17270178-8541-412C-AE9D-7ADE694DB39C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6ECBB9-F71E-4E04-8C1E-349650DE2F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6AFDEAF-CD55-495A-9B12-F131FE454FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A39BB9C-2183-45DA-8236-D31125B447BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D62612F6-5774-4EAA-ACC1-A837256163FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FDB6684-DF68-4334-ADB4-484731DAEE61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"842555FA-61DC-40C1-AE26-319E10D63D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D15C6517-0B9B-4C36-BD34-80D7803FACCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3BAF720-023A-4563-AD85-6CB70772A02F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.36.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B1995BF-76DB-4DC9-8FBA-824D8C4793EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD399CAD-D6DB-4FED-B537-C857D40D0BB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE6158-7F92-4873-A0E4-CC9701F6CA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28\"}]}]}],\"references\":[{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.