3 matches found
CVE-2021-29455
Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT...
CVE-2021-29455 Missing validation of JWT signature in `grassrootza/grassroot-platform`
Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT...
CVE-2021-29455
Grassroot Platform (Grassroot Platform) has a JWT signature verification flaw during refresh, allowing forging a valid JWT. Root cause: JWTs are not properly verified when refreshing an existing token. Impact stated as enabling partial integrity compromise, with no confidentiality breach noted in...