CVE-2020-15222

Опубликовано: 24 сент. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the jti value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about assertion jti: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not seem to check the uniqueness of this jti value. This problem is fixed in version 0.31.0.

Ссылки

https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
Patch
Third Party Advisory
https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
Exploit
Third Party Advisory
https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
Third Party Advisory
https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
Patch
Third Party Advisory
https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43
Exploit
Third Party Advisory
https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*

Версия до 0.31.0 (исключая)

EPSS

Процентиль: 31%

0.00117

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-287

CWE-345

Связанные уязвимости

GHSA-v3q9-2p3m-7g43