How severe is CVE-2022-39227?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-39227?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2022-39227 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.

Related Vulnerabilities

CVE-2017-14487

CRITICAL

CVSS:9.1(Critical)

The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user...

CWE-2902017

CVE-2019-12131

CRITICAL

CVSS:9.1(Critical)

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentic...

CWE-2902019

CVE-2020-11015

CRITICAL

CVSS:9.1(Critical)

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and s...

CWE-2902020

CVE-2021-22779

CRITICAL

CVSS:9.1(Critical)

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoSt...

CWE-2902021

CVE-2021-38598

CRITICAL

CVSS:9.1(Critical)

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending ca...

CWE-2902021

CVE-2022-48349

CRITICAL

CVSS:9.1(Critical)

The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.

CWE-2902022