Описание
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/lightspeed-chatbot-rhel9 | Affected | ||
| Red Hat Quay 3 | quay/quay-rhel9 | Affected | ||
| Red Hat Satellite 6 | satellite/foreman-mcp-server-rhel9 | Affected | ||
| Red Hat Quay 3.12 | quay/quay-rhel8 | Fixed | RHSA-2026:4942 | 18.03.2026 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
EPSS
9.1 Critical
CVSS3