Lucene search

GoogleOSV:GHSA-R8GM-V65F-C973

HistoryOct 31, 2022 - 10:42 p.m.

acryl-datahub missing JWT signature check

2022-10-3122:42:57

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON

Missing JWT signature check (`GHSL-2022-078`)

The StatelessTokenService of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the StatelessTokenService of the Metadata service uses the parse method of io.jsonwebtoken.JwtParser, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm.

Impact

This issue may lead to an authentication bypass.

Resources

CodeQL: Missing JWT signature check

CPENameOperatorVersion
acryl-datahubeq0.8.33rc1
acryl-datahubeq0.8.35.2
acryl-datahubeq0.8.15.9
acryl-datahubeq0.8.16.2
acryl-datahubeq0.8.43.3rc5
acryl-datahubeq0.8.15.1
acryl-datahubeq0.8.41.1
acryl-datahubeq0.8.44.3rc1
acryl-datahubeq0.8.31.4rc1
acryl-datahubeq0.8.33.1

Name	Operator	Version
acryl-datahub	eq	0.8.33rc1
acryl-datahub	eq	0.8.35.2
acryl-datahub	eq	0.8.15.9
acryl-datahub	eq	0.8.16.2
acryl-datahub	eq	0.8.43.3rc5
acryl-datahub	eq	0.8.15.1
acryl-datahub	eq	0.8.41.1
acryl-datahub	eq	0.8.44.3rc1
acryl-datahub	eq	0.8.31.4rc1
acryl-datahub	eq	0.8.33.1

Rows per page:

1-10 of 3211

References

codeql.github.com/codeql-query-help/java/java-missing-jwt-signature-check

github.com/datahub-project/datahub

github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/metadata-service/auth-impl/src/main/java/com/datahub/authentication/token/StatelessTokenService.java#L134

github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/metadata-service/auth-impl/src/main/java/com/datahub/authentication/token/StatelessTokenService.java#L30

github.com/datahub-project/datahub/releases/tag/v0.8.45

github.com/datahub-project/datahub/security/advisories/GHSA-r8gm-v65f-c973

nvd.nist.gov/vuln/detail/CVE-2022-39366

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for OSV:GHSA-R8GM-V65F-C973

acryl-datahub missing JWT signature check

Missing JWT signature check (GHSL-2022-078)

Impact

Resources

References

Related

Missing JWT signature check (`GHSL-2022-078`)