2 matches found
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...
CVE-2018-1000025
CVE-2018-1000025 affects Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0–3.8.0. Affected component: src/Firebase/Auth/IdTokenVerifier.php; root cause: token signature is not verified, enabling forging of JWTs with arbitrary email addresses and user IDs. Impact: improper access control via ...