This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Is Apigee Edge vulnerable to CVE-2022-23529 - JWT verify

Posted on 01-11-2023 04:06 PM
sophiajohnson
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

A new jwt Critical vulnerability has been reported by NIST:  https://nvd.nist.gov/vuln/detail/CVE-2022-23529.  

Is Apigee Edge, public cloud impacted?

 

 

0 2 308
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Looks node specific module and afaik internal implementation is based of java nimbus-jose-jwt.

Any one who is using custom via node-jsonwebtoken module is worth aware and take remediation.

Will wait to hear back from experts.

Thankyou.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

The Apigee VerifyJWT policy is not affected by the CVE you cited. As API Evangelist mentioned, the Apigee policy does not depend on the auth0 nodejs library. 

0 Likes