9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.
For example, even if a string of non Base64URL encoding characters such as !@$%
or \11
is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.
When jsrsasign’s JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization.
By our internal assessment, CVSS 3.1 score will be 8.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Users validate JWS or JWT signatures should upgrade to 10.5.25.
Validate JWS or JWT signature if it has Base64URL and dot safe string before
executing JWS.verify() or JWS.verifyJWT() method.
Thanks to Adi Malyanker and Or David for this vulnerability report. Also thanks for Snyk security team for this coordination.
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf kjur’s advisories
https://github.com/advisories/GHSA-3fvg-4v2m-98jf github advisories
https://vulners.com/cve/CVE-2022-25898
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify
https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
github.com/kjur/jsrsasign
github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
github.com/kjur/jsrsasign/releases/tag/10.5.25
nvd.nist.gov/vuln/detail/CVE-2022-25898
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%