GHSA-45fh-g845-pj9w

Source
https://github.com/advisories/GHSA-45fh-g845-pj9w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-45fh-g845-pj9w/GHSA-45fh-g845-pj9w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-45fh-g845-pj9w
Aliases
Published
2022-05-24T16:51:23Z
Modified
2023-11-08T04:01:08.293435Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Auth0 Passport-SharePoint does not validate JWT signature
Details

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
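The class of flaw described above, as an added example (not code from passport-sharepoint or from this advisory): a decode-only handler beside one that verifies the signature before reading any claim. It assumes an HS256 token and a shared secret; all function names and sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: issue an HS256 token for the demonstration.
function sign(claims, secret) {
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Flawed pattern: the payload is parsed and trusted; the signature is never checked.
function decodeOnly(token) {
  return dec(token.split('.')[1]);
}

// Hardened pattern: pin the algorithm, verify the MAC, only then read claims.
function verify(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (dec(head).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = dec(body);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample: a token whose payload was altered after it was signed.
function demo() {
  const secret = 'constructed-demo-secret';
  const good = sign({ sub: 'alice', exp: 4102444800 }, secret);
  const [head, , sig] = good.split('.');
  const altered = `${head}.${enc({ sub: 'bob', exp: 4102444800 })}.${sig}`;
  let rejected = null;
  try { verify(altered, secret); } catch (e) { rejected = e.message; }
  return {
    trustedByDecodeOnly: decodeOnly(altered).sub,
    rejectedByVerify: rejected,
    acceptedSubject: verify(good, secret).sub,
  };
}
```

When auditing a dependency for this pattern, look for code paths that call a JWT decode function and use the claims without a corresponding verify call on the same token.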

References

Affected packages

npm / passport-sharepoint

Package

Name
passport-sharepoint
Purl
pkg:npm/passport-sharepoint

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.4.0