CVE-2020-15240 Regression in JWT Signature Validation

2020-10-2117:25:14

CWE-347

CWE-287

GitHub_M

www.cve.org

omniauth-auth0 rubygems jwt signature bypassauthentication cve-2020-15240 regression 2.3.0 2.4.1

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the jwt_validator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using omniauth-auth0. 2. You are using JWTValidator.verify method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.

CNA Affected

[
  {
    "product": "omniauth-auth0",
    "vendor": "auth0",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.3.0, <2.4.1"
      }
    ]
  }
]