CVE-2017-12973 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.1 LOW	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Vendor	Product	Version
connect2id	nimbus_jose\+jwt	1.0
connect2id	nimbus_jose\+jwt	1.1
connect2id	nimbus_jose\+jwt	1.2
connect2id	nimbus_jose\+jwt	1.3
connect2id	nimbus_jose\+jwt	1.4
connect2id	nimbus_jose\+jwt	1.5
connect2id	nimbus_jose\+jwt	1.6
connect2id	nimbus_jose\+jwt	1.7
connect2id	nimbus_jose\+jwt	1.8
connect2id	nimbus_jose\+jwt	1.9
connect2id	nimbus_jose\+jwt	1.9.1
connect2id	nimbus_jose\+jwt	1.10
connect2id	nimbus_jose\+jwt	1.11
connect2id	nimbus_jose\+jwt	1.12
connect2id	nimbus_jose\+jwt	2.0
connect2id	nimbus_jose\+jwt	2.0.1
connect2id	nimbus_jose\+jwt	2.1
connect2id	nimbus_jose\+jwt	2.1.1
connect2id	nimbus_jose\+jwt	2.2
connect2id	nimbus_jose\+jwt	2.3
connect2id	nimbus_jose\+jwt	2.4
connect2id	nimbus_jose\+jwt	2.5
connect2id	nimbus_jose\+jwt	2.6
connect2id	nimbus_jose\+jwt	2.7
connect2id	nimbus_jose\+jwt	2.8
connect2id	nimbus_jose\+jwt	2.9
connect2id	nimbus_jose\+jwt	2.10
connect2id	nimbus_jose\+jwt	2.10.1
connect2id	nimbus_jose\+jwt	2.11.0
connect2id	nimbus_jose\+jwt	2.12.0
connect2id	nimbus_jose\+jwt	2.13.0
connect2id	nimbus_jose\+jwt	2.13.1
connect2id	nimbus_jose\+jwt	2.14
connect2id	nimbus_jose\+jwt	2.15
connect2id	nimbus_jose\+jwt	2.15.1
connect2id	nimbus_jose\+jwt	2.15.2
connect2id	nimbus_jose\+jwt	2.16
connect2id	nimbus_jose\+jwt	2.17
connect2id	nimbus_jose\+jwt	2.17.1
connect2id	nimbus_jose\+jwt	2.17.2
connect2id	nimbus_jose\+jwt	2.18
connect2id	nimbus_jose\+jwt	2.18.1
connect2id	nimbus_jose\+jwt	2.18.2
connect2id	nimbus_jose\+jwt	2.19
connect2id	nimbus_jose\+jwt	2.19.1
connect2id	nimbus_jose\+jwt	2.20
connect2id	nimbus_jose\+jwt	2.21
connect2id	nimbus_jose\+jwt	2.22
connect2id	nimbus_jose\+jwt	2.22.1
connect2id	nimbus_jose\+jwt	2.23
connect2id	nimbus_jose\+jwt	2.24
connect2id	nimbus_jose\+jwt	2.25
connect2id	nimbus_jose\+jwt	2.26
connect2id	nimbus_jose\+jwt	2.26.1
connect2id	nimbus_jose\+jwt	3.0
connect2id	nimbus_jose\+jwt	3.1
connect2id	nimbus_jose\+jwt	3.1.1
connect2id	nimbus_jose\+jwt	3.1.2
connect2id	nimbus_jose\+jwt	3.2
connect2id	nimbus_jose\+jwt	3.2.1
connect2id	nimbus_jose\+jwt	3.2.2
connect2id	nimbus_jose\+jwt	3.3
connect2id	nimbus_jose\+jwt	3.4
connect2id	nimbus_jose\+jwt	3.5
connect2id	nimbus_jose\+jwt	3.6
connect2id	nimbus_jose\+jwt	3.7
connect2id	nimbus_jose\+jwt	3.8
connect2id	nimbus_jose\+jwt	3.8.1
connect2id	nimbus_jose\+jwt	3.8.2
connect2id	nimbus_jose\+jwt	3.9
connect2id	nimbus_jose\+jwt	3.9.1
connect2id	nimbus_jose\+jwt	3.9.2
connect2id	nimbus_jose\+jwt	3.10
connect2id	nimbus_jose\+jwt	4.0
connect2id	nimbus_jose\+jwt	4.0.1
connect2id	nimbus_jose\+jwt	4.1
connect2id	nimbus_jose\+jwt	4.1.1
connect2id	nimbus_jose\+jwt	4.2
connect2id	nimbus_jose\+jwt	4.3
connect2id	nimbus_jose\+jwt	4.3.1
connect2id	nimbus_jose\+jwt	4.4
connect2id	nimbus_jose\+jwt	4.5
connect2id	nimbus_jose\+jwt	4.6
connect2id	nimbus_jose\+jwt	4.7
connect2id	nimbus_jose\+jwt	4.8
connect2id	nimbus_jose\+jwt	4.9
connect2id	nimbus_jose\+jwt	4.10
connect2id	nimbus_jose\+jwt	4.11
connect2id	nimbus_jose\+jwt	4.11.1
connect2id	nimbus_jose\+jwt	4.11.2
connect2id	nimbus_jose\+jwt	4.12
connect2id	nimbus_jose\+jwt	4.13
connect2id	nimbus_jose\+jwt	4.13.1
connect2id	nimbus_jose\+jwt	4.14
connect2id	nimbus_jose\+jwt	4.15
connect2id	nimbus_jose\+jwt	4.15.1
connect2id	nimbus_jose\+jwt	4.16
connect2id	nimbus_jose\+jwt	4.16.1
connect2id	nimbus_jose\+jwt	4.16.2
connect2id	nimbus_jose\+jwt	4.17
connect2id	nimbus_jose\+jwt	4.18
connect2id	nimbus_jose\+jwt	4.19
connect2id	nimbus_jose\+jwt	4.20
connect2id	nimbus_jose\+jwt	4.21
connect2id	nimbus_jose\+jwt	4.22
connect2id	nimbus_jose\+jwt	4.23
connect2id	nimbus_jose\+jwt	4.24
connect2id	nimbus_jose\+jwt	4.25
connect2id	nimbus_jose\+jwt	4.26
connect2id	nimbus_jose\+jwt	4.26.1
connect2id	nimbus_jose\+jwt	4.27
connect2id	nimbus_jose\+jwt	4.27.1
connect2id	nimbus_jose\+jwt	4.28
connect2id	nimbus_jose\+jwt	4.29
connect2id	nimbus_jose\+jwt	4.30
connect2id	nimbus_jose\+jwt	4.31
connect2id	nimbus_jose\+jwt	4.31.1
connect2id	nimbus_jose\+jwt	4.32
connect2id	nimbus_jose\+jwt	4.33
connect2id	nimbus_jose\+jwt	4.34
connect2id	nimbus_jose\+jwt	4.34.1
connect2id	nimbus_jose\+jwt	4.34.2
connect2id	nimbus_jose\+jwt	4.35
connect2id	nimbus_jose\+jwt	4.36.1
connect2id	nimbus_jose\+jwt	4.37
connect2id	nimbus_jose\+jwt	4.37.1
connect2id	nimbus_jose\+jwt	4.38

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-354 - Improper Validation of Integrity Check Value
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt