Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44337
HistoryNov 21, 2023 - 10:40 a.m.

Improper Authorization

2023-11-2110:40:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
nextauth.js
vulnerability
improper authorization
jwt
cookie
oauth

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the next-auth.session-token cookie value with this non-related JWT would let the user simulate a logged in user and the malicious actor can peek at logged in user states. (e.g. dashboard layout). next-auth applications that rely on the default Middleware authorization are only affected.

CPENameOperatorVersion
next-authle4.24.4
next-authle4.24.4

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

Related for VERACODE:44337