Description

The scanner detected a SQL injection vulnerability in a JSON Web Token's 'kid' header parameter. This allows for the forgery of valid JSON Web Tokens with arbitrary payloads. Attackers might be able to tamper with the values inside the JWT token payload and escalate privileges, impersonate users or trigger unintended application states that were meant to be prevented by the use of a tamper-proof token solution.

Remediation

In order to fix this vulnerability, the underlying SQL injection vulnerability has to be fixed first. It is important that the 'kid' parameter is free from any injection vulnerabilities and has a proper fallback on error conditions, such as invalid data which is returned from the respective storage solution of the secret key.

References

JSON Web Token attacks and vulnerabilities

Related Vulnerabilities

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.13)

Drupal Core 7.x Security Bypass (7.0 - 7.2)

WordPress Plugin YITH WooCommerce Zoom Magnifier Security Bypass (1.3.11)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)

WordPress Plugin Catch Gallery Security Bypass (1.6.8)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:L

Tags

Authentication Bypass