CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score: 7 High
Confidence: High
EPSS: 0.001 Low
Percentile: 26.9%
next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the next-auth.session-token cookie value with this unrelated JWT would let the actor simulate a logged-in user and peek at logged-in user states (e.g. dashboard layout). Only next-auth applications that rely on the default Middleware authorization are affected.
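A stricter Middleware `authorized` check, shown as an added example (not code from the advisory or the next-auth project): it compares accepting any decoded JWT with requiring an identity claim. The payload shapes, the claim list and the function names are assumptions constructed for illustration.

```javascript
// Added example: models only the Middleware authorization decision.
// Decoded payloads below are constructed; claim names are assumptions.

// Claims that identify a real user. Adjust to what your jwt() callback stores.
const IDENTITY_CLAIMS = ["sub", "email"];

// Models the affected behaviour: any decodable JWT counts as a session.
function defaultAuthorized({ token }) {
  return !!token;
}

// Hardened check: require at least one non-empty identity claim.
function hardenedAuthorized({ token }) {
  if (!token || typeof token !== "object") return false;
  return IDENTITY_CLAIMS.some(
    (claim) => typeof token[claim] === "string" && token[claim].trim() !== ""
  );
}

// Constructed decoded payloads, as the middleware would see them.
const SAMPLES = {
  noCookie: null,
  // JWT left over from an interrupted OAuth flow: assumed to carry no user claims.
  interruptedFlowJwt: { value: "constructed-state", iat: 1700000000, exp: 1700000900 },
  // Identity claim present but empty: must not pass either.
  emptyIdentity: { email: "", iat: 1700000000, exp: 1702592000 },
  realSession: { sub: "user-123", email: "alice@example.com", iat: 1700000000, exp: 1702592000 },
};

// Evaluate both policies for every sample and return the decisions.
function compare(samples) {
  const out = {};
  for (const [name, token] of Object.entries(samples)) {
    out[name] = {
      default: defaultAuthorized({ token }),
      hardened: hardenedAuthorized({ token }),
    };
  }
  return out;
}

console.table(compare(SAMPLES));

// Wiring in middleware.js (next-auth v4):
//   import { withAuth } from "next-auth/middleware";
//   export default withAuth({ callbacks: { authorized: hardenedAuthorized } });
```

Middleware is a coarse gate only; pages and API routes that return user data should still check the session server-side.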
authjs.dev/guides/basics/role-based-access-control
github.com/nextauthjs/next-auth/commit/d237059b6d0cb868c041ba18b698e0cee20a2f10
github.com/nextauthjs/next-auth/security/advisories/GHSA-v64w-49xw-qq89
next-auth.js.org/configuration/nextjs#advanced-usage
next-auth.js.org/configuration/nextjs#middleware