CVE-2023-23928

reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ulrikstrid/reason-jose/commit/36cd724db3cbec121757624da49072386bd869e5	Patch Third Party Advisory
https://github.com/ulrikstrid/reason-jose/releases/tag/v0.8.2	Release Notes Third Party Advisory
https://github.com/ulrikstrid/reason-jose/security/advisories/GHSA-7jj9-6qwv-wpm7	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:reason-jose_project:reason-jose:*:*:*:*:*:*:*:*

History

01 Feb 2023, 13:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-01 01:15

Updated : 2024-02-04 23:14

NVD link : CVE-2023-23928

Mitre link : CVE-2023-23928

CVE.ORG link : CVE-2023-23928

JSON object : View

Products Affected

reason-jose_project

reason-jose

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2023-23928", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2023-02-01T01:15:09.023", "references": [{"url": "https://github.com/ulrikstrid/reason-jose/commit/36cd724db3cbec121757624da49072386bd869e5", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ulrikstrid/reason-jose/releases/tag/v0.8.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ulrikstrid/reason-jose/security/advisories/GHSA-7jj9-6qwv-wpm7", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2."}], "lastModified": "2023-02-08T01:27:45.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:reason-jose_project:reason-jose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7FDB28-C0C1-4092-80FE-FA8E7470E608", "versionEndExcluding": "0.8.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}