CVE-2020-15270

🗓️ 22 Oct 2020 22:12:15Reported by GitHub_MType

Parse Server broadcasts events without checking session token validit

Reporter	Title	Published	Views	Family All 8
Prion	Design/Logic Flaw	22 Oct 202022:15	–	prion
OSV	BIT-parse-2020-15270	6 Mar 202411:04	–	osv
OSV	CVE-2020-15270	22 Oct 202022:15	–	osv
OSV	receiving subscription objects with deleted session	27 Oct 202019:15	–	osv
Veracode	Token Validation Bypass	26 Oct 202002:00	–	veracode
Cvelist	CVE-2020-15270 Improper session expiration in Parse Server	22 Oct 202021:25	–	cvelist
NVD	CVE-2020-15270	22 Oct 202022:15	–	nvd
Github Security Blog	receiving subscription objects with deleted session	27 Oct 202019:15	–	github

Nvd

Vulners

Node

parseplatform parse-serverRange≤4.3.0node.js

[
  {
    "product": "parse-server",
    "vendor": "parse-community",
    "versions": [
      {
        "status": "affected",
        "version": "<= 4.3.0"
      }
    ]
  }
]

Source	Link
npmjs	www.npmjs.com/parse-server
github	www.github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
github	www.github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Oct 2020 22:15Current

4.4Medium risk

Vulners AI Score4.4

CVSS24

CVSS34.3

EPSS0.0006

CWE-672