Vulnerabilities > CVE-2023-52428 - Unspecified vulnerability in Connect2Id Nimbus Jose+Jwt

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

connect2id

NVD

Published: 2024-02-11

Updated: 2024-11-21

Summary

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

Vulnerable Configurations

Part	Description	Count
Application	Connect2Id Connect2Id Nimbus Jose+Jwt 1.0 Connect2Id Nimbus Jose+Jwt 1.1 Connect2Id Nimbus Jose+Jwt 1.2 Connect2Id Nimbus Jose+Jwt 1.3 Connect2Id Nimbus Jose+Jwt 1.4 Connect2Id Nimbus Jose+Jwt 1.5 Connect2Id Nimbus Jose+Jwt 1.6 Connect2Id Nimbus Jose+Jwt 1.7 Connect2Id Nimbus Jose+Jwt 1.8 Connect2Id Nimbus Jose+Jwt 1.9 Connect2Id Nimbus Jose+Jwt 1.9.1 Connect2Id Nimbus Jose+Jwt 1.10 Connect2Id Nimbus Jose+Jwt 1.11 Connect2Id Nimbus Jose+Jwt 1.12 Connect2Id Nimbus Jose+Jwt 2.0 Connect2Id Nimbus Jose+Jwt 2.0.1 Connect2Id Nimbus Jose+Jwt 2.1 Connect2Id Nimbus Jose+Jwt 2.1.1 Connect2Id Nimbus Jose+Jwt 2.2 Connect2Id Nimbus Jose+Jwt 2.3 Connect2Id Nimbus Jose+Jwt 2.4 Connect2Id Nimbus Jose+Jwt 2.5 Connect2Id Nimbus Jose+Jwt 2.6 Connect2Id Nimbus Jose+Jwt 2.7 Connect2Id Nimbus Jose+Jwt 2.8 Connect2Id Nimbus Jose+Jwt 2.9 Connect2Id Nimbus Jose+Jwt 2.10 Connect2Id Nimbus Jose+Jwt 2.10.1 Connect2Id Nimbus Jose+Jwt 2.11.0 Connect2Id Nimbus Jose+Jwt 2.12.0 Connect2Id Nimbus Jose+Jwt 2.13.0 Connect2Id Nimbus Jose+Jwt 2.13.1 Connect2Id Nimbus Jose+Jwt 2.14 Connect2Id Nimbus Jose+Jwt 2.15 Connect2Id Nimbus Jose+Jwt 2.15.1 Connect2Id Nimbus Jose+Jwt 2.15.2 Connect2Id Nimbus Jose+Jwt 2.16 Connect2Id Nimbus Jose+Jwt 2.17 Connect2Id Nimbus Jose+Jwt 2.17.1 Connect2Id Nimbus Jose+Jwt 2.17.2 Connect2Id Nimbus Jose+Jwt 2.18 Connect2Id Nimbus Jose+Jwt 2.18.1 Connect2Id Nimbus Jose+Jwt 2.18.2 Connect2Id Nimbus Jose+Jwt 2.19 Connect2Id Nimbus Jose+Jwt 2.19.1 Connect2Id Nimbus Jose+Jwt 2.20 Connect2Id Nimbus Jose+Jwt 2.21 Connect2Id Nimbus Jose+Jwt 2.22 Connect2Id Nimbus Jose+Jwt 2.22.1 Connect2Id Nimbus Jose+Jwt 2.23 Connect2Id Nimbus Jose+Jwt 2.24 Connect2Id Nimbus Jose+Jwt 2.25 Connect2Id Nimbus Jose+Jwt 2.26 Connect2Id Nimbus Jose+Jwt 2.26.1 Connect2Id Nimbus Jose+Jwt 3.0 Connect2Id Nimbus Jose+Jwt 3.1 Connect2Id Nimbus Jose+Jwt 3.1.1 Connect2Id Nimbus Jose+Jwt 3.1.2 Connect2Id Nimbus Jose+Jwt 3.2 Connect2Id Nimbus Jose+Jwt 3.2.1 Connect2Id Nimbus Jose+Jwt 3.2.2 Connect2Id Nimbus Jose+Jwt 3.3 Connect2Id Nimbus Jose+Jwt 3.4 Connect2Id Nimbus Jose+Jwt 3.5 Connect2Id Nimbus Jose+Jwt 3.6 Connect2Id Nimbus Jose+Jwt 3.7 Connect2Id Nimbus Jose+Jwt 3.8 Connect2Id Nimbus Jose+Jwt 3.8.1 Connect2Id Nimbus Jose+Jwt 3.8.2 Connect2Id Nimbus Jose+Jwt 3.9 Connect2Id Nimbus Jose+Jwt 3.9.1 Connect2Id Nimbus Jose+Jwt 3.9.2 Connect2Id Nimbus Jose+Jwt 3.10 Connect2Id Nimbus Jose+Jwt 4.0 Connect2Id Nimbus Jose+Jwt 4.0.1 Connect2Id Nimbus Jose+Jwt 4.1 Connect2Id Nimbus Jose+Jwt 4.1.1 Connect2Id Nimbus Jose+Jwt 4.2 Connect2Id Nimbus Jose+Jwt 4.3 Connect2Id Nimbus Jose+Jwt 4.3.1 Connect2Id Nimbus Jose+Jwt 4.4 Connect2Id Nimbus Jose+Jwt 4.5 Connect2Id Nimbus Jose+Jwt 4.6 Connect2Id Nimbus Jose+Jwt 4.7 Connect2Id Nimbus Jose+Jwt 4.8 Connect2Id Nimbus Jose+Jwt 4.9 Connect2Id Nimbus Jose+Jwt 4.10 Connect2Id Nimbus Jose+Jwt 4.11 Connect2Id Nimbus Jose+Jwt 4.11.1 Connect2Id Nimbus Jose+Jwt 4.11.2 Connect2Id Nimbus Jose+Jwt 4.12 Connect2Id Nimbus Jose+Jwt 4.13 Connect2Id Nimbus Jose+Jwt 4.13.1 Connect2Id Nimbus Jose+Jwt 4.14 Connect2Id Nimbus Jose+Jwt 4.15 Connect2Id Nimbus Jose+Jwt 4.15.1 Connect2Id Nimbus Jose+Jwt 4.16 Connect2Id Nimbus Jose+Jwt 4.16.1 Connect2Id Nimbus Jose+Jwt 4.16.2 Connect2Id Nimbus Jose+Jwt 4.17 Connect2Id Nimbus Jose+Jwt 4.18 Connect2Id Nimbus Jose+Jwt 4.19 Connect2Id Nimbus Jose+Jwt 4.20 Connect2Id Nimbus Jose+Jwt 4.21 Connect2Id Nimbus Jose+Jwt 4.22 Connect2Id Nimbus Jose+Jwt 4.23 Connect2Id Nimbus Jose+Jwt 4.24 Connect2Id Nimbus Jose+Jwt 4.25 Connect2Id Nimbus Jose+Jwt 4.26 Connect2Id Nimbus Jose+Jwt 4.26.1 Connect2Id Nimbus Jose+Jwt 4.27 Connect2Id Nimbus Jose+Jwt 4.27.1 Connect2Id Nimbus Jose+Jwt 4.28 Connect2Id Nimbus Jose+Jwt 4.29 Connect2Id Nimbus Jose+Jwt 4.30 Connect2Id Nimbus Jose+Jwt 4.31 Connect2Id Nimbus Jose+Jwt 4.31.1 Connect2Id Nimbus Jose+Jwt 4.32 Connect2Id Nimbus Jose+Jwt 4.33 Connect2Id Nimbus Jose+Jwt 4.34 Connect2Id Nimbus Jose+Jwt 4.34.1 Connect2Id Nimbus Jose+Jwt 4.34.2 Connect2Id Nimbus Jose+Jwt 4.35 Connect2Id Nimbus Jose+Jwt 4.36 Connect2Id Nimbus Jose+Jwt 4.36.1 Connect2Id Nimbus Jose+Jwt 4.37 Connect2Id Nimbus Jose+Jwt 4.37.1 Connect2Id Nimbus Jose+Jwt 4.38 Connect2Id Nimbus Jose+Jwt 4.39 Connect2Id Nimbus Jose+Jwt 4.39.1 Connect2Id Nimbus Jose+Jwt 4.39.2 Connect2Id Nimbus Jose+Jwt 4.40 Connect2Id Nimbus Jose+Jwt 4.41 Connect2Id Nimbus Jose+Jwt 4.41.1 Connect2Id Nimbus Jose+Jwt 4.41.2 Connect2Id Nimbus Jose+Jwt 4.41.3 Connect2Id Nimbus Jose+Jwt 5.0 Connect2Id Nimbus Jose+Jwt 5.1 Connect2Id Nimbus Jose+Jwt 5.2 Connect2Id Nimbus Jose+Jwt 5.3 Connect2Id Nimbus Jose+Jwt 5.4 Connect2Id Nimbus Jose+Jwt 5.5 Connect2Id Nimbus Jose+Jwt 5.6 Connect2Id Nimbus Jose+Jwt 5.7 Connect2Id Nimbus Jose+Jwt 5.8 Connect2Id Nimbus Jose+Jwt 5.9 Connect2Id Nimbus Jose+Jwt 5.10 Connect2Id Nimbus Jose+Jwt 5.11 Connect2Id Nimbus Jose+Jwt 5.12 Connect2Id Nimbus Jose+Jwt 5.13 Connect2Id Nimbus Jose+Jwt 5.14 Connect2Id Nimbus Jose+Jwt 6.0 Connect2Id Nimbus Jose+Jwt 6.0.1 Connect2Id Nimbus Jose+Jwt 6.0.2 Connect2Id Nimbus Jose+Jwt 6.1 Connect2Id Nimbus Jose+Jwt 6.1.1 Connect2Id Nimbus Jose+Jwt 6.2 Connect2Id Nimbus Jose+Jwt 6.3 Connect2Id Nimbus Jose+Jwt 6.3.1 Connect2Id Nimbus Jose+Jwt 6.4 Connect2Id Nimbus Jose+Jwt 6.4.1 Connect2Id Nimbus Jose+Jwt 6.4.2 Connect2Id Nimbus Jose+Jwt 6.5 Connect2Id Nimbus Jose+Jwt 6.5.1 Connect2Id Nimbus Jose+Jwt 6.6 Connect2Id Nimbus Jose+Jwt 6.7 Connect2Id Nimbus Jose+Jwt 6.8 Connect2Id Nimbus Jose+Jwt 7.0 Connect2Id Nimbus Jose+Jwt 7.0.1 Connect2Id Nimbus Jose+Jwt 7.1 Connect2Id Nimbus Jose+Jwt 7.2.1 Connect2Id Nimbus Jose+Jwt 7.3 Connect2Id Nimbus Jose+Jwt 7.4 Connect2Id Nimbus Jose+Jwt 7.5 Connect2Id Nimbus Jose+Jwt 7.5.1 Connect2Id Nimbus Jose+Jwt 7.6 Connect2Id Nimbus Jose+Jwt 7.7 Connect2Id Nimbus Jose+Jwt 7.8 Connect2Id Nimbus Jose+Jwt 7.8.1 Connect2Id Nimbus Jose+Jwt 7.9 Connect2Id Nimbus Jose+Jwt 8.0 Connect2Id Nimbus Jose+Jwt 8.1 Connect2Id Nimbus Jose+Jwt 8.2 Connect2Id Nimbus Jose+Jwt 8.2.1 Connect2Id Nimbus Jose+Jwt 8.3 Connect2Id Nimbus Jose+Jwt 8.4 Connect2Id Nimbus Jose+Jwt 8.4.1 Connect2Id Nimbus Jose+Jwt 8.5	193

Summary

Vulnerable Configurations

References