Bug 1199756 (CVE-2022-29217)

Summary: VUL-0: CVE-2022-29217: python27-PyJWT,python-PyJWT: Key confusion through non-blocklisted public key formats
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: carlos.lopez, mcepl, meissner, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/332393/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-29217:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2022-05-20 09:37:19 UTC
rh#2088544

PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm.

The PyJWT library requires that the application chooses what algorithms are supported. The application can specify "jwt.algorithms.get_default_algorithms()" to get support for all algorithms. They can also specify a single one of them (which is the usual use case if calling jwt.decode directly; however, if calling jwt.decode in a helper function, all algorithms might be enabled).

For example, if the user chooses "none" algorithm and the JWT checker supports that, there will be no signature checking. This is a common security issue with some JWT implementations.

PyJWT combats this by requiring that if the "none" algorithm is used, the key has to be empty. As the key is given by the application running the checker, an attacker cannot force the "none" cipher to be used.

Similarly, with the HMAC (symmetric) algorithm, PyJWT checks that the key is not a public key meant for an asymmetric algorithm, i.e., HMAC cannot be used if the key begins with "ssh-rsa". If HMAC is used with a public key, the attacker can just use the publicly known public key to sign the token and the checker would use the same key to verify.

From PyJWT 2.0.0 onwards, PyJWT supports ed25519 asymmetric algorithm. With ed25519, PyJWT supports public keys that start with "ssh-", for example "ssh-ed25519".

Upstream commit:
https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc

Reference:
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
https://bugzilla.redhat.com/show_bug.cgi?id=2088544
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29217
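An added example (not code from this bug report or from PyJWT itself) contrasting the narrow pre-fix HMAC key blocklist described above, which matched "ssh-rsa" but not "ssh-ed25519", with a broader check in the spirit of the upstream fix that rejects any PEM block or OpenSSH key type before it can be used as an HMAC secret. Function names, the regex and the sample key strings are constructed for illustration.

```python
import re

# Narrow blocklist of the pre-fix kind the report describes: only these exact
# substrings were refused as HMAC keys, so an "ssh-ed25519 ..." public key
# passed straight through and could serve as the HMAC secret.
LEGACY_INVALID_STRINGS = (
    b"-----BEGIN PUBLIC KEY-----",
    b"-----BEGIN CERTIFICATE-----",
    b"-----BEGIN RSA PUBLIC KEY-----",
    b"ssh-rsa",
)

# Hardened check (constructed, modeled on the upstream approach): refuse any
# PEM-armored blob and any OpenSSH public-key type prefix, not a fixed list.
_PEM_RE = re.compile(rb"^\s*-----BEGIN [A-Z0-9 ]+-----")
_SSH_KEY_TYPE_PREFIXES = (b"ssh-", b"ecdsa-sha2-", b"sk-ssh-", b"sk-ecdsa-")


def looks_like_public_key_legacy(key: bytes) -> bool:
    """Pre-fix behaviour: substring match against a short blocklist."""
    return any(s in key for s in LEGACY_INVALID_STRINGS)


def looks_like_public_key(key: bytes) -> bool:
    """Hardened behaviour: any PEM header or OpenSSH key type is refused."""
    return bool(_PEM_RE.match(key)) or key.lstrip().startswith(_SSH_KEY_TYPE_PREFIXES)


def prepare_hmac_key(key, strict: bool = True) -> bytes:
    """Return the key bytes for HMAC, or raise if it is really a public key."""
    if isinstance(key, str):
        key = key.encode("utf-8")
    check = looks_like_public_key if strict else looks_like_public_key_legacy
    if check(key):
        raise ValueError("asymmetric key or certificate must not be used as an HMAC secret")
    return key


def hmac_key_rejected(key, strict: bool = True) -> bool:
    """Convenience wrapper: True when prepare_hmac_key refuses the key."""
    try:
        prepare_hmac_key(key, strict=strict)
    except ValueError:
        return True
    return False


# Constructed sample keys (the base64 bodies are placeholders, not real keys).
RSA_PUB = b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7example== user@host"
ED25519_PUB = b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleExampleExampleExample user@host"
PEM_CERT = b"  -----BEGIN CERTIFICATE-----\nMIIBexample\n-----END CERTIFICATE-----\n"
```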
Comment 1 Thomas Leroy 2022-05-20 09:38:40 UTC
The following codestreams should be affected:
- SUSE:SLE-12-SP1:Update
- SUSE:SLE-12-SP3:Update:Products:Cloud8:Update
- SUSE:SLE-12-SP4:Update:Products:Cloud9:Update 
- SUSE:SLE-15:Update
- SUSE:SLE-15-SP1:Update
- SUSE:SLE-15-SP2:Update

SUSE:SLE-11-SP1:Update:Teradata/python27-PyJWT is not affected
Comment 2 Matej Cepl 2022-06-20 14:13:35 UTC
(In reply to Thomas Leroy from comment #1)
> The following codestreams should be affected:
> - SUSE:SLE-12-SP1:Update
> - SUSE:SLE-12-SP3:Update:Products:Cloud8:Update
> - SUSE:SLE-12-SP4:Update:Products:Cloud9:Update 
> - SUSE:SLE-15:Update
> - SUSE:SLE-15-SP1:Update
> - SUSE:SLE-15-SP2:Update
> 
> SUSE:SLE-11-SP1:Update:Teradata/python27-PyJWT is not affected

Are you certain about it? I have here as supported only these channels:

SLE-12-SP1:Update
SLE-15-SP1:Update
SLE-15-SP2:Update
Comment 4 Thomas Leroy 2022-06-21 09:31:22 UTC
(In reply to Matej Cepl from comment #2)
> Are you certain about it, I have here as supported only these channels:
> 
> SLE-12-SP1:Update
> SLE-15-SP1:Update
> SLE-15-SP2:Update

On smelt.suse.de/maintained/, SUSE:SLE-15:Update is indeed disabled, maybe because its only channel is EOL. So we don't need a submission for this codestream. However, SUSE:SLE-12-SP3:Update:Products:Cloud8:Update and SUSE:SLE-12-SP4:Update:Products:Cloud9:Update are enabled, but since this is for Cloud products, I don't know if it's the maintainer's job to submit to those 2 codestreams...
Comment 5 Swamp Workflow Management 2022-07-14 18:51:41 UTC
SUSE-SU-2022:2403-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199756
CVE References: CVE-2022-29217
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE Enterprise Storage 6 (src):    python-PyJWT-1.7.1-150100.6.7.1
SUSE CaaS Platform 4.0 (src):    python-PyJWT-1.7.1-150100.6.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-07-14 18:55:26 UTC
SUSE-SU-2022:2402-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199756
CVE References: CVE-2022-29217
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python-PyJWT-1.7.1-150200.3.3.1
openSUSE Leap 15.3 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Manager Server 4.1 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Manager Retail Branch Server 4.1 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Manager Proxy 4.1 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    python-PyJWT-1.7.1-150200.3.3.1
SUSE Enterprise Storage 7 (src):    python-PyJWT-1.7.1-150200.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-07-14 18:56:03 UTC
SUSE-SU-2022:2401-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199756
CVE References: CVE-2022-29217
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 12 (src):    python-PyJWT-1.5.3-3.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Thomas Leroy 2022-08-11 07:21:47 UTC
Matej, could you please also submit to SUSE:SLE-12-SP3:Update:Products:Cloud8:Update and SUSE:SLE-12-SP4:Update:Products:Cloud9:Update ? :)
Comment 10 Matej Cepl 2022-08-18 10:20:50 UTC
(In reply to Thomas Leroy from comment #9)
> Matej, could you please also submit to
> SUSE:SLE-12-SP3:Update:Products:Cloud8:Update and
> SUSE:SLE-12-SP4:Update:Products:Cloud9:Update ? :)

For both of these I suggest WONTFIX (the patch requires python-cryptography >= 2.6 and porting the patch to an older version of cryptography would be quite complicated).
Comment 15 Swamp Workflow Management 2022-10-06 19:18:52 UTC
SUSE-SU-2022:3545-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1199756
CVE References: CVE-2022-29217
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    python-PyJWT-1.5.3-150000.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2023-03-17 08:30:02 UTC
SUSE-SU-2023:0794-1: An update that solves one vulnerability, contains four features and has two fixes can now be installed.

Category: security (critical)
Bug References: 1176785, 1199282, 1199756
CVE References: CVE-2022-29217
Jira References: ECO-3105, PM-2352, PM-3243, SLE-24629
Sources used:
openSUSE Leap 15.4 (src): python-PyJWT-2.4.0-150200.3.6.2
Basesystem Module 15-SP4 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Real Time 15 SP3 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Manager Proxy 4.2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Manager Retail Branch Server 4.2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Manager Server 4.2 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Enterprise Storage 7.1 (src): python-PyJWT-2.4.0-150200.3.6.2
SUSE Enterprise Storage 7 (src): python-PyJWT-2.4.0-150200.3.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.