Lucene search
GitHub_MCVELIST:CVE-2020-5251HistoryMar 04, 2020 - 3:10 p.m.
CVE-2020-5251 Information disclosure in parse-server
2020-03-0415:10:14
CWE-285
GitHub_M
www.cve.org
2
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS
0.001
Percentile
30.9%
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
CNA Affected
[
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "< 4.1.0"
}
]
}
]Related
cve
cve
CVE-2020-5251
2020-03-04 15:15:13
veracode
veracode
Information Disclosure
2020-03-05 06:30:14
osv
osv
Information disclosure in parse-server
2020-03-04 20:20:27
CVE-2020-5251
2020-03-04 15:15:13
BIT-parse-2020-5251
2024-03-06 11:04:01
githubexploit
githubexploit
Exploit for Incorrect Authorization in Parseplatform Parse-Server
2020-12-01 09:45:48
prion
prion
Code injection
2020-03-04 15:15:00
nvd
nvd
CVE-2020-5251
2020-03-04 15:15:13
github
github
Information disclosure in parse-server
2020-03-04 20:20:27
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS
0.001
Percentile
30.9%
Related for CVELIST:CVE-2020-5251