CVE-2022-39227
Python-jwt subject to Authentication Bypass by Spoofing
In short
Python-jwt before version 3.3.4 allows attackers to forge JSON Web Tokens (JWTs) without knowing the secret key, enabling them to impersonate other users or bypass authentication. This is a critical vulnerability that affects any application relying on JWT validation.
Technical detail
CWE-290 (Authentication Bypass by Spoofing) vulnerability in python-jwt versions before 3.3.4: because the library's token verification is incorrect, an attacker can arbitrarily modify the contents of a JWT and produce a token that still verifies, without possessing the signing secret. Pre-condition: the application verifies tokens with a vulnerable library version. Impact: complete authentication bypass, identity spoofing, and session hijacking.
Summary generated and translated by AI from the official description.
python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
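Since the advisory names no workaround other than upgrading, the practical check is whether any deployment still pins python-jwt below 3.3.4. The script below is an added example, not code from the advisory or from the python-jwt project: it reads pip freeze style output (the sample here is constructed), normalises package names the way PyPI does, and flags every python-jwt pin whose version sorts below the fixed release. The function names, the sample input and the minimal version parser are assumptions of this example.

```python
"""Flag python-jwt pins affected by CVE-2022-39227 (fixed in 3.3.4).

Added example, not part of the advisory or the python-jwt project.
Standard library only, so it runs offline against saved `pip freeze` output.
"""
import re

FIXED_VERSION = (3, 3, 4)          # first fixed release named in the advisory
AFFECTED_DISTRIBUTION = "python-jwt"

# Constructed sample of `pip freeze` output; every package other than
# python-jwt is filler, and the spellings vary on purpose.
SAMPLE_FREEZE = """\
certifi==2022.9.24
python_jwt==3.3.3
Python-JWT==3.3.4
python-jwt==3.2.0
jwcrypto==1.4.2
python-jwt @ file:///tmp/python-jwt-3.3.4-py3-none-any.whl
"""

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|@)\s*(.+)$")


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> tuple:
    """Turn '3.3.4' into (3, 3, 4).

    Deliberately minimal: a pre-release such as '3.3.4rc1' parses as (3, 3, 4),
    so it is treated as fixed. Use packaging.version.Version where available.
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the version sorts below the fixed release 3.3.4."""
    return parse_version(version) < FIXED_VERSION


def find_pins(freeze_output: str) -> list:
    """Return (line, version, vulnerable) for each python-jwt requirement.

    Direct references ('name @ url') carry no parseable version, so they
    are reported with version None and vulnerable None for manual review.
    """
    findings = []
    for raw in freeze_output.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            continue
        name, op, rest = m.groups()
        if normalize_name(name) != AFFECTED_DISTRIBUTION:
            continue
        if op == "@":
            findings.append((line, None, None))
        else:
            findings.append((line, rest.strip(), is_vulnerable(rest)))
    return findings


def vulnerable_pins(freeze_output: str) -> list:
    """Versions of python-jwt in the input that are below 3.3.4."""
    return [ver for _, ver, vuln in find_pins(freeze_output) if vuln]


if __name__ == "__main__":
    for line, ver, vuln in find_pins(SAMPLE_FREEZE):
        if vuln is None:
            status = "UNKNOWN VERSION, review manually"
        elif vuln:
            status = "VULNERABLE, upgrade to 3.3.4 or later"
        else:
            status = "fixed"
        print(f"{line!r}: {status}")
```

Feed it real output with `pip freeze > freeze.txt` and `find_pins(open("freeze.txt").read())`; lines pinned by URL or path are listed separately because their version cannot be read from the pin alone.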
Affected products
davedoesdev · python-jwt
Public PoCs found (3)
github.com/user0x1337/CVE-2022-39227 (★ 22)
github.com/melikesraoz/cve-2022-39227-jwt-auth-bypass-demo (★ 1)
github.com/NoSpaceAvailable/CVE-2022-39227 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp
https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml
https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt