Lucene search
HistoryFeb 08, 2024 - 5:15 p.m.
CVE-2024-25189
cve-2024-25189
libjwt
authentication
vulnerability
timing side channel
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.5%
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Affected configurations
Node
bencollinsjwt_c_libraryMatch1.15.3
Related
osv
osv
libjwt - security update
2024-02-24 00:00:00
ubuntucve
ubuntucve
CVE-2024-25189
2024-02-08 00:00:00
nessus
nessus
Debian dla-3739 : libjwt-dev - security update
2024-04-08 00:00:00
debiancve
debiancve
CVE-2024-25189
2024-02-08 17:15:10
cve
cve
CVE-2024-25189
2024-02-08 17:15:10
debian
debian
[SECURITY] [DLA 3739-1] libjwt security update
2024-02-25 10:11:09
cvelist
cvelist
CVE-2024-25189
2024-02-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3739-1)
2024-02-26 00:00:00
prion
prion
Authentication flaw
2024-02-08 17:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.5%
Related for NVD:CVE-2024-25189