{
  "claim_outcome": "not_confirmed",
  "variant_kind": "alternate_trigger_only_no_bypass",
  "claim_block_reason": null,
  "bypass_found": false,
  "distinct_variant_found": false,
  "variant_result": "no_bypass",
  "repro_result": "alternate_triggers_reproduced_on_vulnerable_only",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "authz_bypass",
  "observed_impact_class_on_vulnerable": "authz_bypass",
  "observed_impact_class_on_fixed": "no_impact_request_rejected_401",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "JWT header alg set to HS256 and HMAC-SHA256 signature computed using the consumer's asymmetric public key (RSA/EC/Ed25519 PEM) as the HMAC secret; token payload key claim selects the targeted consumer",
  "trigger_path": "HTTP GET / to APISIX gateway (port 9080) with Authorization: Bearer <forged HS256 JWT> against a route protected by the jwt-auth plugin; consumer selected by the token key claim",
  "tested_variants": [
    {
      "id": "V1_rs256_control",
      "consumer_algorithm": "RS256",
      "key_material": "RSA-2048 public key PEM",
      "vulnerable_3_16_0": {"forged_hs256_code": 200, "bypass": true},
      "fixed_3_17_0": {"forged_hs256_code": 401, "bypass": false, "log": "algorithm mismatch, expected RS256"},
      "classification": "original_cve_control"
    },
    {
      "id": "V2_es256_alternate",
      "consumer_algorithm": "ES256",
      "key_material": "EC prime256v1 public key PEM",
      "vulnerable_3_16_0": {"forged_hs256_code": 200, "bypass": true},
      "fixed_3_17_0": {"forged_hs256_code": 401, "bypass": false, "log": "algorithm mismatch, expected ES256"},
      "classification": "alternate_trigger_same_root_cause_not_distinct_variant"
    },
    {
      "id": "V3_eddsa_alternate",
      "consumer_algorithm": "EdDSA",
      "key_material": "Ed25519 public key PEM",
      "vulnerable_3_16_0": {"forged_hs256_code": 200, "bypass": true},
      "fixed_3_17_0": {"forged_hs256_code": 401, "bypass": false, "log": "algorithm mismatch, expected EdDSA"},
      "classification": "alternate_trigger_same_root_cause_not_distinct_variant"
    }
  ],
  "end_to_end_target_reached": true,
  "end_to_end_bypass_on_fixed": false,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated_on_vulnerable": true,
  "exploit_chain_demonstrated_on_fixed": false,
  "blocking_mitigation": "Fix commit e4de423f (3.17.0) enforces jwt.header.alg == consumer.auth_conf.algorithm before verify_signature in find_consumer (apisix/plugins/jwt-auth.lua). The check and alg_verify dispatch both read self.header.alg, so no token can pass the check and still dispatch HMAC against an asymmetric key. The guard is on the only path to verify_signature and is generic over all supported consumer algorithms.",
  "inferred": false,
  "rationale": "No bypass and no materially-distinct variant found. verify_signature has a single caller (find_consumer) which contains the fix; the fix's alg comparison and the verifier's alg dispatch read the same self.header.alg field (set once by resty.jwt load_jwt with no normalization), so no header.alg value can both satisfy the equality and select HMAC against an asymmetric key. Alternate triggers across asymmetric key families (ES256, EdDSA) reproduce the same authz_bypass on 3.16.0 but share the identical sink (alg_verify[HS256] with the consumer public key), entry point (HTTP GET / via jwt-auth), and trust boundary (remote unauthenticated caller) as the parent CVE, and are rejected on 3.17.0 with explicit 'algorithm mismatch, expected <alg>' log lines. Per variant guidance, relabeling the same sink via a different consumer configuration is not a distinct variant."
}
