Skip to main content

Authentication Bypass Using an Alternate Path or Channel

CVE-2022-3102

Severity High
Score 9.1/10

Summary

The package jwcrypto versions prior to 1.4 are vulnerable to token substitution can lead to authentication bypass.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Advisory Timeline

  • Published