Description
The scanner detected a path traversal vulnerability in a JSON Web Token's 'kid' header parameter. This allows for the forgery of valid JSON Web Tokens with arbitrary payloads. Attackers might be able to tamper with the values inside the JWT token payload and escalate privileges, impersonate users or trigger unintended application states that were meant to be prevented by the use of a tamper-proof token solution.
Remediation
In order to fix this vulnerability, the underlying path traversal vulnerability has to be fixed first. It is important that the 'kid' parameter is free from any injection vulnerabilities and has a proper fallback on error conditions, such as invalid data which is returned from the respective storage solution of the secret key.
References
Related Vulnerabilities
WordPress Plugin Advanced Forms for ACF Security Bypass (1.6.8)
WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7)
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
WordPress Plugin ImportWP-Import any XML or CSV File into WordPress Security Bypass (1.1.5)
WordPress Plugin Woocommerce User Email Verification Security Bypass (3.3.0)