Description
The scanner detected that the application supports the 'x5c' parameter in the header of a JSON Web Token (JWT). This parameter carries the X.509 certificate chain whose leaf public key is used to verify the token's signature. If the server does not validate that chain against a trust anchor it controls, an attacker may supply a certificate of their own; a signature made with the matching private key then verifies, potentially enabling the creation of forged JWTs with arbitrary payloads. Attackers might be able to tamper with the values inside the JWT payload and escalate privileges, impersonate users or trigger unintended application states that the tamper-proof token was meant to prevent.
Remediation
To fix this vulnerability, either disable support for the 'x5c' header parameter or validate the X.509 certificate chain it carries: the leaf certificate must chain to a trust anchor the server pins (a root or intermediate CA it expects tokens to be issued under), and only then should the leaf's public key be used to check the signature. The server-side code responsible for verifying JWTs should be audited and fixed so that the provided signature is only ever checked against a key obtained from a validated chain.
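The following Go program is an added illustration of the two verification paths described above; it is not code from the scanner or from any affected application. It builds, in memory, a pinned signing CA, a leaf certificate issued by that CA, and a rogue self-signed certificate with the same common name, then mints two EdDSA (RFC 8037) tokens that carry their certificates in x5c. The names (Example Token Signing CA, auth-service), the claims, and the choice of EdDSA are assumptions made for the example; the JWS header layout and the leaf-first x5c ordering follow RFC 7515. verifySignatureOnly reproduces the flaw the finding describes, and verifyWithTrustAnchor is the hardened form from the remediation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// jwsHeader: the header members used here; x5c is standard-base64 DER, leaf first (RFC 7515 section 4.1.6).
type jwsHeader struct { Alg string `json:"alg"`; X5c []string `json:"x5c"` }

func must(err error) { if err != nil { panic(err) } }

// newCert makes an Ed25519 key and a certificate for it (constructed test data); parent == nil means self-signed.
func newCert(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil { parent, signer = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// signJWT builds an EdDSA (RFC 8037) token whose header carries chain in x5c.
func signJWT(claims map[string]any, chain []*x509.Certificate, key ed25519.PrivateKey) string {
	h := jwsHeader{Alg: "EdDSA"}
	for _, c := range chain { h.X5c = append(h.X5c, base64.StdEncoding.EncodeToString(c.Raw)) }
	hb, _ := json.Marshal(h)
	pb, _ := json.Marshal(claims)
	input := base64.RawURLEncoding.EncodeToString(hb) + "." + base64.RawURLEncoding.EncodeToString(pb)
	return input + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(key, []byte(input)))
}

// parseToken splits the token and decodes the x5c chain, leaf first.
func parseToken(token string) (parts []string, chain []*x509.Certificate, err error) {
	if parts = strings.Split(token, "."); len(parts) != 3 { return nil, nil, fmt.Errorf("malformed token") }
	var h jwsHeader
	if hb, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &h) != nil || h.Alg != "EdDSA" || len(h.X5c) == 0 {
		return nil, nil, fmt.Errorf("bad or unsupported header")
	}
	var der []byte // entries are concatenated so ParseCertificates yields the whole chain
	for _, s := range h.X5c {
		b, err := base64.StdEncoding.DecodeString(s)
		if err != nil { return nil, nil, err }
		der = append(der, b...)
	}
	if chain, err = x509.ParseCertificates(der); err != nil || len(chain) == 0 { return nil, nil, fmt.Errorf("bad x5c") }
	return parts, chain, nil
}

// verifySignatureOnly is the flawed pattern the finding describes: it checks the signature with
// whatever certificate the token itself presents, so a valid signature proves nothing about the signer.
func verifySignatureOnly(token string) error {
	parts, chain, err := parseToken(token)
	if err != nil { return err }
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil { return err }
	return chain[0].CheckSignature(x509.PureEd25519, []byte(parts[0]+"."+parts[1]), sig)
}

// verifyWithTrustAnchor chains the x5c leaf to a pinned root first, so an untrusted certificate is rejected up front.
func verifyWithTrustAnchor(token string, roots *x509.CertPool) error {
	_, chain, err := parseToken(token)
	if err != nil { return err }
	opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, c := range chain[1:] { opts.Intermediates.AddCert(c) }
	if _, err := chain[0].Verify(opts); err != nil { return fmt.Errorf("untrusted x5c chain: %w", err) }
	return verifySignatureOnly(token) // the signature check only means something after the chain check
}

// buildScenario: pinned roots, a token from a CA-issued leaf, and one whose x5c carries a rogue self-signed cert (all in memory).
func buildScenario() (roots *x509.CertPool, legit, forged string) {
	ca, caKey := newCert("Example Token Signing CA", true, nil, nil)
	leaf, leafKey := newCert("auth-service", false, ca, caKey)
	rogue, rogueKey := newCert("auth-service", false, nil, nil) // same name, but no trusted issuer
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	legit = signJWT(map[string]any{"sub": "alice", "role": "user"}, []*x509.Certificate{leaf, ca}, leafKey)
	forged = signJWT(map[string]any{"sub": "alice", "role": "admin"}, []*x509.Certificate{rogue}, rogueKey)
	return roots, legit, forged
}

func main() {
	roots, legit, forged := buildScenario()
	fmt.Println(verifySignatureOnly(forged) == nil, verifyWithTrustAnchor(legit, roots), verifyWithTrustAnchor(forged, roots))
}
```

The root pool is the whole point: it holds only the CA(s) the server expects tokens to be issued under, so a certificate the token brings along is accepted only if it chains to one of them. Where an application has no real need for x5c, the simpler of the two remediations applies: drop the header entirely and resolve the verification key from a server-side key store instead.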
Related Vulnerabilities
WordPress Plugin Visitor Traffic Real Time Statistics Security Bypass (2.11)
WordPress Plugin IgnitionDeck Security Bypass (1.1.6)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)