Vulnerabilities > CVE-2023-52428 - Unspecified vulnerability in Connect2Id Nimbus Jose+Jwt

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
connect2id
NVD
Published: 2024-02-11
Updated: 2024-10-30

Summary

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

Vulnerable Configurations

Part Description Count
Application
Connect2Id
193

References