Lucene search
GoogleOSV:CVE-2020-15240HistoryOct 21, 2020 - 6:15 p.m.
CVE-2020-15240
2020-10-2118:15:12
Google
osv.dev
7
omniauth-auth0
rubygems
jwt token
signature validation
vulnerability
patch
2.4.1
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the jwt_validator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using omniauth-auth0. 2. You are using JWTValidator.verify method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.
Related
osv
osv
Regression in JWT Signature Validation
2020-11-03 02:31:38
nvd
nvd
CVE-2020-15240
2020-10-21 18:15:12
veracode
veracode
Authorization Bypass
2020-10-22 06:19:53
rubygems
rubygems
Regression in JWT Signature Validation
2020-11-02 21:00:00
prion
prion
Authorization
2020-10-21 18:15:00
debiancve
debiancve
CVE-2020-15240
2020-10-21 18:15:12
cvelist
cvelist
CVE-2020-15240 Regression in JWT Signature Validation
2020-10-21 17:25:14
ubuntucve
ubuntucve
CVE-2020-15240
2020-10-21 00:00:00
github
github
Regression in JWT Signature Validation
2020-11-03 02:31:38
cve
cve
CVE-2020-15240
2020-10-21 18:15:12