CVE-2020-26160

SOURCE - github

Summary

jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1

EPSS Score⁠: 0.00193 (0.566)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

SOURCE - github

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-287⁠

Improper Authentication

CWE-755⁠

Improper Handling of Exceptional Conditions

CWE-862⁠

Missing Authorization

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-284⁠

Improper Access Control

Sources (10)

Impacted images

nist

CREATED

4 years ago

UPDATED

3 years ago

SOURCE IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠CWE-755⁠

CVSS SCORE

7.5high

github

CREATED

3 years ago

UPDATED

8 months ago

SOURCE IDGHSA-w73w-5m7g-f7qc⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-287⁠CWE-755⁠

CVSS SCORE

7.5high

alpine

CREATED

4 years ago

UPDATED

1 month ago

SOURCE IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

debian

CREATED

4 years ago

UPDATED

8 months ago

SOURCE IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

ubuntu

CREATED

4 years ago

UPDATED

26 days ago

SOURCE IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

golang

CREATED

3 years ago

UPDATED

11 months ago

SOURCE IDGO-2020-0017⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

gitlab

CREATED

4 years ago

UPDATED

1 year ago

SOURCE ID

CVE-2020-26160

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-287⁠CWE-755⁠CWE-862⁠CWE-937⁠

CVSS SCORE

7.5high

redhat

CREATED

4 years ago

UPDATED

10 months ago

SOURCE IDCVE-2020-26160⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5medium

chainguard

CREATED

3 months ago

UPDATED

3 months ago

SOURCE ID

CVE-2020-26160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

wolfi

CREATED

3 months ago

UPDATED

3 months ago

SOURCE ID

CVE-2020-26160

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE