cnvd - cnvd-2020-51419

cnvd-2020-51419

Vulnerability from cnvd

Title: Auth0 express-jwt授权问题漏洞

Description:

Auth0 express-jwt是美国Auth0公司的一款支持通过jsonwebtoken模块验证JWT（JSON Web令牌）的软件包。

Auth0 express-jwt 5.3.3及之前版本（NPM软件包）中存在授权问题漏洞，攻击者可借助特制请求利用该漏洞绕过授权。

Severity: 中

Patch Name: Auth0 express-jwt授权问题漏洞的补丁

Patch Description:

Auth0 express-jwt是美国Auth0公司的一款支持通过jsonwebtoken模块验证JWT（JSON Web令牌）的软件包。

Auth0 express-jwt 5.3.3及之前版本（NPM软件包）中存在授权问题漏洞，攻击者可借助特制请求利用该漏洞绕过授权。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15084

Impacted products

Name
Auth0 express-jwt <=5.3.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15084"
    }
  },
  "description": "Auth0 express-jwt\u662f\u7f8e\u56fdAuth0\u516c\u53f8\u7684\u4e00\u6b3e\u652f\u6301\u901a\u8fc7jsonwebtoken\u6a21\u5757\u9a8c\u8bc1JWT\uff08JSON Web\u4ee4\u724c\uff09\u7684\u8f6f\u4ef6\u5305\u3002\n\nAuth0 express-jwt 5.3.3\u53ca\u4e4b\u524d\u7248\u672c\uff08NPM\u8f6f\u4ef6\u5305\uff09\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6388\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51419",
  "openTime": "2020-09-10",
  "patchDescription": "Auth0 express-jwt\u662f\u7f8e\u56fdAuth0\u516c\u53f8\u7684\u4e00\u6b3e\u652f\u6301\u901a\u8fc7jsonwebtoken\u6a21\u5757\u9a8c\u8bc1JWT\uff08JSON Web\u4ee4\u724c\uff09\u7684\u8f6f\u4ef6\u5305\u3002\r\n\r\nAuth0 express-jwt 5.3.3\u53ca\u4e4b\u524d\u7248\u672c\uff08NPM\u8f6f\u4ef6\u5305\uff09\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6388\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Auth0 express-jwt\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Auth0 express-jwt \u003c=5.3.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15084",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-01",
  "title": "Auth0 express-jwt\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2020-15084 (GCVE-0-2020-15084)

Vulnerability from cvelistv5

Published

2020-06-30 16:10

Modified

2024-08-04 13:08

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-285 - Improper Authorization

Summary

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.

References

▼	URL	Tags
	https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf	x_refsource_CONFIRM
	https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	auth0	express-jwt	Version: <= 5.3.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:21.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express-jwt",
          "vendor": "auth0",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 5.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-30T16:10:12",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
        }
      ],
      "source": {
        "advisory": "GHSA-6g6m-m6h5-w9gf",
        "discovery": "UNKNOWN"
      },
      "title": "Authorization bypass in express-jwt",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15084",
          "STATE": "PUBLIC",
          "TITLE": "Authorization bypass in express-jwt"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "express-jwt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 5.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "auth0"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf",
              "refsource": "CONFIRM",
              "url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
            },
            {
              "name": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef",
              "refsource": "MISC",
              "url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6g6m-m6h5-w9gf",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15084",
    "datePublished": "2020-06-30T16:10:12",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:21.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted