Design/Logic Flaw

2021-06-3015:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

CPENameOperatorVersion
coral_talkge4.0.0
coral_talklt4.12.1

CPE	Name	Operator	Version
	coral_talk	ge	4.0.0
	coral_talk	lt	4.12.1

References

docs.coralproject.net/coral/api/graphql/

github.com/coralproject/talk/compare/v4.12.0...v4.12.1

github.com/coralproject/talk/issues/3600

github.com/coralproject/talk/pull/3599