JOSE Library Unauthenticated JWK Header Vulnerability Allowing JWS/JWT Token Forgery

Vulnerability

A vulnerability exists in the JOSE library, in versions through 0.3.5, that allows unauthenticated remote attackers to forge valid JWS/JWT tokens. The attacker embeds a public key of their own in the JOSE header of a token whose payload they have signed with the matching private key. The issue arises because the key selection process may incorrectly accept header-provided keys as verification candidates, even when they are not present in the trusted key store. Since JOSE headers are untrusted input, an attacker can craft a token with an attacker-controlled key and have it verify successfully in applications that use an affected JOSE version.

Impact

Exploitation allows for the forgery of JWS/JWT tokens, which can be used to bypass authentication or authorization mechanisms in applications that rely on these tokens for security.

Remediation

Users are advised to upgrade to JOSE version 0.3.5+1 or later. As a workaround, tokens whose header contains a 'jwk' member should be rejected unless that 'jwk' matches a key already present in the application's trusted key store.
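The following Python is an added illustration of the workaround and is not the JOSE library's own code: it shows the flawed selection pattern the advisory describes beside a hardened selector that treats a header 'jwk' purely as a pointer into the trusted store, matching it by RFC 7638 thumbprint so that extra or missing metadata (kid, use, alg) cannot influence the comparison. All key material and the sample token below are constructed placeholders.

```python
import base64
import hashlib
import json

# Members RFC 7638 hashes to form a JWK thumbprint, per key type.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}

class UntrustedHeaderKey(Exception):
    """The token's 'jwk' header names a key that is not in the trusted store."""

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the required members.
    Optional members (kid, use, alg) are ignored, so a header 'jwk' cannot dodge
    or fake a match by adding or dropping metadata."""
    members = _THUMBPRINT_MEMBERS.get(jwk.get("kty")) if isinstance(jwk, dict) else None
    if members is None:
        raise ValueError("unsupported or malformed jwk")
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode()).digest())

def decode_protected_header(token: str) -> dict:
    """Parse the protected header (first base64url segment) of a compact JWS."""
    return json.loads(_b64url_decode(token.split(".", 1)[0]))

def flawed_select_keys(header: dict, trusted_keys: list) -> list:
    """The pattern the advisory describes: the untrusted header key joins the candidates."""
    return list(trusted_keys) + ([header["jwk"]] if "jwk" in header else [])

def select_verification_keys(header: dict, trusted_keys: list) -> list:
    """Hardened selection (the advisory's workaround): 'jwk' only selects a stored key."""
    if "jwk" not in header:
        return list(trusted_keys)
    wanted = jwk_thumbprint(header["jwk"])
    matches = [k for k in trusted_keys if jwk_thumbprint(k) == wanted]
    if not matches:
        raise UntrustedHeaderKey("header 'jwk' does not match any trusted key")
    return matches

# Constructed sample data: one trusted symmetric key, one key that is not in the
# store, and a token whose protected header carries that untrusted key.
TRUSTED_KEYS = [{"kty": "oct", "kid": "app-2026", "k": "c2VjcmV0LWtleS1ieXRlcw"}]
UNTRUSTED_JWK = {"kty": "oct", "k": "bm90LWluLXRoZS1zdG9yZQ"}
SAMPLE_TOKEN = ".".join([b64url_encode(json.dumps({"alg": "HS256", "jwk": UNTRUSTED_JWK}).encode()), "e30", "AA"])
```

The hardened selector deliberately returns stored key objects, never the header's copy, so whatever is eventually used for signature verification always originates from the trusted store.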

Added: Mar 31, 2026, 4:33 PM
Updated: Mar 31, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 5.0
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.