CVE-2019-1010161

Published: Jul 25, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.

Affected (1)

Products: Perl Crypt Jwt Project: Perl Crypt Jwt

Perl Crypt Jwt Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Perl Crypt Jwt Project Perl Crypt Jwt	Up to 0.022

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483

Source: josh@bress.net

Third Party Advisory

https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.