[JS]: Signing and verifying JWT signature with a constant key #799
Comments
Hey @amammad 👋
Hi Peter, is there any deadline for finding a new/old CVE? There are many vulnerable instances in my MRVA scan, but I didn't have enough time to send a vulnerability report to them.
No, AFAIK there isn't (but of course a reasonable time frame is welcome).
Hey @am0o0
Hi @p-
👍
Let's wait and see whether your new attempts bear any fruit, and then I can talk to the team about that. (But in general we have the CVE requirement.)
@p- I found a CVE related to this submission. I'm wondering why CodeQL couldn't track the source to the sink; with my PR I can find the sink, which is the I also have a gist of detected instances of hardcoded constant keys from only my additions, and it does not contain the previously added hardcoded secret sinks. If it can make this submission process faster, please let me know.
@p- Sorry for the delay. Could you please examine the following query yourself? Please create a DB of this commit https://github.com/evershopcommerce/evershop/tree/b09f2f4d1a0eb3017344cddc997078444a53af46; you can see that the source is
Your submission is now in status Test run. For information, the evaluation workflow is the following: |
Your submission is now in status Results analysis. For information, the evaluation workflow is the following: |
Your submission is now in status Query review. For information, the evaluation workflow is the following: |
Query PR
github/codeql#14666
Language
Javascript
CVE(s) ID list
WIP
CWE
CWE-798
Report
Usage of a hardcoded secret key to decode and verify JWTs will cause authentication and authorization bypass, which in this query I tried to model many libraries for.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response