How severe is CVE-2022-29217?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-29217?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2022-29217 - HIGH Severity | CVSS 7.5

Vulnerability Description

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

Related Vulnerabilities

CVE-2002-2058

HIGH

CVSS:7.5(High)

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash...

CWE-3272002

CVE-2005-2946

HIGH

CVSS:7.5(High)

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certif...

CWE-3272005

CVE-2007-4150

HIGH

CVSS:7.5(High)

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information ...

CWE-3272007

CVE-2008-3188

HIGH

CVSS:7.5(High)

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

CWE-3272008

CVE-2012-5623

HIGH

CVSS:7.5(High)

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

CWE-3272012

CVE-2015-0226

HIGH

CVSS:7.5(High)

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to...

CWE-3272015