CVE-2017-12973

Low

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows…

mitre·CWE-354·Published 2017-08-20

CVSS

3.1

EPSS

0.01

KEV

Exploits

cve.orgen

178 chars

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

NVDen

178 chars

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

OSV.deven

178 chars

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

GHSAen

178 chars

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

NVDes

204 chars

Nimbus JOSE+JWT en versiones anteriores a la 4.39 procede de forma inadecuada tras detectar un HMAC no válido en un descifrado AES-CBC, lo que permite que atacantes lleven a cabo un ataque padding oracle.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	3.1	1.6	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N