CVE-2020-28042

🗓️ 01 Nov 2020 04:50:48Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 74 Views

ServiceStack before 5.9.2 mishandles JWT signature verification without custom ValidateToken functio

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2020-28042	2 Aug 202310:00	–	circl
Cvelist	CVE-2020-28042	1 Nov 202004:50	–	cvelist
Github Security Blog	Signature validation bypass in ServiceStack	13 Jan 202119:13	–	github
NVD	CVE-2020-28042	2 Nov 202021:15	–	nvd
OSV	GHSA-V5RV-HPXG-8X49 Signature validation bypass in ServiceStack	13 Jan 202119:13	–	osv
Prion	Code injection	2 Nov 202021:15	–	prion
RedhatCVE	CVE-2020-28042	22 May 202515:06	–	redhatcve
Veracode	Signature Validation Bypass	3 Nov 202003:38	–	veracode

NVD

Node

Source	Link
github	www.github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
forums	www.forums.servicestack.net/t/servicestack-v5-9-2-released/8850
shielder	www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
shielder	www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/

21 Nov 2024 05:22Current

5.2Medium risk

Vulners AI Score5.2

CVSS 25

CVSS 3.15.3

EPSS0.35995