6.5 Medium
AI Score
Confidence
Low
3scaleβs gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus to bypass security restrictions for the user.
bugzilla.redhat.com/show_bug.cgi?id=2062877
nvd.nist.gov/vuln/detail/CVE-2022-0931
www.cve.org/CVERecord?id=CVE-2022-0931