CVE-2022-29217 Overview
CVE-2022-29217 is a cryptographic vulnerability affecting PyJWT, a Python implementation of RFC 7519 for JSON Web Tokens. The vulnerability allows attackers to exploit algorithm confusion when applications use jwt.algorithms.get_default_algorithms() to specify supported signing algorithms. Since JWT tokens contain an algorithm header that attackers can manipulate, improper algorithm validation can lead to authentication bypass or token forgery.
Critical Impact
Attackers can potentially forge JWT tokens by exploiting algorithm confusion, enabling unauthorized access to protected resources and bypassing authentication mechanisms in affected applications.
Affected Products
- PyJWT Project PyJWT (versions prior to 2.4.0)
- Fedora Project Fedora 35
- Fedora Project Fedora 36
Discovery Timeline
- 2022-05-24 - CVE-2022-29217 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2022-29217
Vulnerability Analysis
This vulnerability falls under the category of Broken Cryptography and relates to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). The core issue stems from how PyJWT handles algorithm specification during JWT token verification. When applications use jwt.algorithms.get_default_algorithms() to accept all supported algorithms, they inadvertently open themselves to algorithm confusion attacks.
JWT tokens include an alg header that specifies which cryptographic algorithm was used to sign the token. In a secure implementation, the server should strictly enforce which algorithms it accepts. However, when an application accepts all default algorithms, an attacker can craft a token using a weaker or different algorithm than intended, potentially leading to signature bypass.
The vulnerability has a network-based attack vector, requiring no privileges or user interaction, making it remotely exploitable against vulnerable applications.
Root Cause
The root cause lies in the permissive algorithm handling when algorithms=jwt.algorithms.get_default_algorithms() is used during JWT decoding. This configuration accepts all supported algorithms rather than explicitly specifying only the expected signing algorithm. The PyJWT library correctly requires applications to specify supported algorithms, but provides a convenience function that enables insecure defaults when misused.
Attack Vector
An attacker can exploit this vulnerability by:
- Intercepting or observing a valid JWT token from the target application
- Analyzing the token structure and identifying the algorithm used
- Crafting a new JWT token with a manipulated alg header specifying a different algorithm
- Submitting the forged token to the application that uses get_default_algorithms()
- If successful, the application accepts the token despite using an unexpected signing algorithm
The version bump from 2.3.0 to 2.4.0 addresses this security issue:
)
from .jwks_client import PyJWKClient
-__version__ = "2.3.0"
+__version__ = "2.4.0"
__title__ = "PyJWT"
__description__ = "JSON Web Token implementation in Python"
Source: GitHub Commit Update
Detection Methods for CVE-2022-29217
Indicators of Compromise
- Unusual JWT tokens with unexpected or mixed algorithm headers in application logs
- Authentication events where token verification succeeds with algorithms that should not be supported
- Multiple failed authentication attempts followed by successful access using modified tokens
- JWT tokens containing alg headers that differ from the application's expected signing algorithm
Detection Strategies
- Audit application code for usage of jwt.algorithms.get_default_algorithms() in jwt.decode() calls
- Review dependencies using pip list or pip freeze to identify PyJWT versions below 2.4.0
- Implement logging for JWT verification events that capture the algorithm used during token validation
- Use static analysis tools to scan Python codebases for vulnerable PyJWT usage patterns
Monitoring Recommendations
- Enable detailed logging for all JWT authentication events including algorithm information
- Monitor for anomalous authentication patterns such as successful authentications from previously blocked sources
- Set up alerts for JWT tokens that pass validation but use unexpected algorithm types
- Track PyJWT version across all deployed applications and flag outdated instances
How to Mitigate CVE-2022-29217
Immediate Actions Required
- Upgrade PyJWT to version 2.4.0 or later immediately across all affected systems
- Review all JWT decoding implementations and replace get_default_algorithms() with explicit algorithm specifications
- Audit authentication logs for any signs of algorithm confusion exploitation
- Implement explicit algorithm whitelisting in all JWT verification code
Patch Information
The vulnerability is addressed in PyJWT version 2.4.0. Users should upgrade using pip:
pip install --upgrade pyjwt>=2.4.0
The security patch was merged from GitHub Security Advisory GHSA-ffqj-6fqr-9h24. The patched release is available at the PyJWT v2.4.0 release page.
Fedora users should apply updates through their package manager as Fedora 35 and 36 have issued package announcements for this vulnerability.
Workarounds
- Always explicitly specify accepted algorithms rather than using get_default_algorithms()
- Restrict algorithm acceptance to only the specific algorithm(s) your application uses
- Implement server-side validation that verifies the JWT algorithm matches expected configuration
- Consider adding additional token validation checks beyond standard JWT verification
# Secure configuration example - explicitly specify algorithms
import jwt
# Instead of: jwt.decode(token, key, algorithms=jwt.algorithms.get_default_algorithms())
# Use explicit algorithm specification:
decoded = jwt.decode(
token,
key,
algorithms=["RS256"] # Explicitly specify only expected algorithm(s)
)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
