CVE-2022-31122
- EPSS 0.37%
- Veröffentlicht 18.10.2022 10:15:10
- Zuletzt bearbeitet 21.11.2024 07:03:56
Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same back...
CVE-2021-41101
- EPSS 0.31%
- Veröffentlicht 30.09.2021 20:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:28
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that ...
CVE-2021-21396
- EPSS 0.32%
- Veröffentlicht 26.03.2021 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:48:16
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoi...