Commit

HSEC-2023-0002: fix typo, add related id
frasertweedale authored and blackheaven committed Jun 28, 2023
1 parent 6b95156 commit 2180474
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion advisories/hackage/biscuit-haskell/HSEC-2023-0002.md
Expand Up @@ -4,6 +4,7 @@ id = "HSEC-2023-0002"
cwe = [347]
keywords = ["crypto"]
aliases = ["CVE-2022-31053"]
related = ["GHSA-75rw-34q6-72cr"]

[[affected]]
package = "biscuit-haskell"
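
Review bot: the added `related = ["GHSA-75rw-34q6-72cr"]` line puts the GHSA identifier in `related` while the CVE one line above sits in `aliases`, and nothing in the commit says why the two are treated differently. The `url` in this advisory points at a biscuit-auth/biscuit security advisory, so if that GHSA describes the same vulnerability as CVE-2022-31053, it belongs in `aliases`, where consumers that deduplicate on aliases will pick it up. If `related` is deliberate because the GHSA covers the specification rather than the biscuit-haskell package, state that in the commit message.
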
Expand All @@ -24,7 +25,7 @@ url = "https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-75rw-34q
# Improper Verification of Cryptographic Signature

The Biscuit specification version 1 contains a vulnerable algorithm that allows
malicious actors to forge valid ?-signatures. Such an attack would allow an
malicious actors to forge valid Γ-signatures. Such an attack would allow an
attacker to create a token with any access level. The version 2 of the
specification mandates a different algorithm than gamma signatures and as such
is not affected by this vulnerability.
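
Review bot: the corrected line uses the non-ASCII `Γ-signatures`, while the same paragraph three lines later spells the term out as "gamma signatures", so the advisory now names one scheme two ways. The removed line shows the character already degraded to `?` once. Consider writing "gamma signatures" in both places, or confirm the file is stored and rendered as UTF-8 everywhere the advisory is published. Minor wording point while the paragraph is open: "The version 2 of the specification" reads better as "Version 2 of the specification".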
