CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

CVSS v3 7.3 HIGH
CVSS v2.0 3.5 LOW

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/googleapis/google-oauth-java-client/pull/872	Issue Tracking Patch Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:oauth_client_library_for_java:*:*:*:*:*:*:*:*

History

10 May 2022, 23:51

Type	Values Removed	Values Added
CPE		cpe:2.3:a:google:oauth_client_library_for_java::::::::
References	~~(MISC) https://github.com/googleapis/google-oauth-java-client/pull/872 -~~	(MISC) https://github.com/googleapis/google-oauth-java-client/pull/872 - Issue Tracking, Patch, Release Notes, Third Party Advisory
CWE		CWE-347
First Time		Google oauth Client Library For Java Google
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.5 v3 : 7.3

03 May 2022, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-03 16:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-22573

Mitre link : CVE-2021-22573

CVE.ORG link : CVE-2021-22573

JSON object : View

Products Affected

google

oauth_client_library_for_java

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2021-22573", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}]}, "published": "2022-05-03T16:15:18.700", "references": [{"url": "https://github.com/googleapis/google-oauth-java-client/pull/872", "tags": ["Issue Tracking", "Patch", "Release Notes", "Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above"}, {"lang": "es", "value": "La vulnerabilidad consiste en que el verificador IDToken no verifica si el token est\u00e1 correctamente firmado. La verificaci\u00f3n de la firma asegura que la carga \u00fatil del token proviene de un proveedor v\u00e1lido y no de otra persona. Un atacante puede proporcionar un token comprometido con una carga \u00fatil personalizada. El token pasar\u00e1 la comprobaci\u00f3n en el lado del cliente. Recomendamos actualizar a versi\u00f3n 1.33.3 o superior"}], "lastModified": "2022-05-10T23:51:02.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:oauth_client_library_for_java:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96AD9B2E-FDD8-4740-B678-7BA34BB27272", "versionEndExcluding": "1.33.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}