CVE-2020-26160

ADVISORY - github

Summary

jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1

EPSS Score⁠: 0.00045 (0.137)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

ADVISORY - github

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

CWE-862⁠

Missing Authorization

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-284⁠

Improper Access Control

Impacted images

Advisories

NIST

CREATED

5 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠CWE-755⁠

CVSS SCORE

7.5high

GitHub

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-w73w-5m7g-f7qc⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠CWE-755⁠

CVSS SCORE

7.5high

Alpine

CREATED

5 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

5 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 years ago

UPDATED

5 days ago

ADVISORY IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

GoLang

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDGO-2020-0017⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

5 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2020-26160

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-287⁠CWE-755⁠CWE-862⁠CWE-937⁠

CVSS SCORE

7.5high

Red Hat

CREATED

5 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5medium

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-6hxx-3pwx-j6mh

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-hpm9-h769-jfrh

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY