CVE-2022-24901

EPSS 0.15%
Veröffentlicht 04.05.2022 01:15:49
Zuletzt bearbeitet 21.11.2024 06:51:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parseplatform ≫ Parse-server SwPlatformnode.js Version < 4.10.10

Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 5.0.0 < 5.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.362

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-24901

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24901

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24901

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-24901