CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

CVE-2024-7628

CVE-2024-7628 involves the MStore API – Create Native Android & iOS Apps On The Cloud WordPress plugin. It allows authentication bypass via a loose token-id verification in verify_id_token, enabling unauthenticated login as an existing site user (potentially an administrator) if firebase is confi...

CVE-2024-7628 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verifyidtoken' function. This makes it possible for unauthenticated attackers to...

PT-2024-38463 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.15.2 Description: The issue is due to the use of loose comparison in the verify id token function, making it possible for...

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

CVE-2024-20897

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information...

GO-2024-2808 CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools

CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools...

Citrix EndPoint Management - Reconfigure your Firebase Cloud Messaging (FCM) in CEM console

As permigration guidance, Google is going to deprecate the FCM legacy APIs for HTTP, which is currently used in our Citrix Endpoint Management CEM FCM implementation. The migration deadline is on June 21, 2024. Customers need to migrate the FCM from legacy FCM API to HTTP v1 API. With the release...

firebase/php-jwt: "None" Algorithm treated as valid on tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

GHSA-H533-5V22-8VCP firebase/php-jwt: "None" Algorithm treated as valid on tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

Cross-Site Request Forgery (CSRF)

firebase-tools is vulnerable to a Cross-Site Request Forgery CSRF. This vulnerability is due to the export endpoint in the Firebase emulator suite. If a user runs the emulator while visiting a malicious website, the browser can call out to localhost, which could result in the exfiltration of...

@arunava-innofied/fire (=17.0.2), @backupfire/firebase (>=1.3.0 <=1.9.1) +55 more potentially affected by CVE-2024-4128 via firebase-tools (>=10.1.2 <=13.35.1)

firebase-tools NPM version =10.1.2, =1.3.0, =0.1.0, =0.1.1, =1.2.4, =1.16.0, =1.2.17, =0.4.0, =0.9.14, =1.0.0, =2.2.0, =6.0.10 and more Source cves: CVE-2024-4128 Source advisory: OSV:GHSA-RCM2-22F3-PQV3...

Firebase vulnerable to CRSF attack

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

GHSA-RCM2-22F3-PQV3 Firebase vulnerable to CRSF attack

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

CVE-2024-4128

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

CVE-2024-4128

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

CVE-2024-4128 CSRF in firebase-tools emulator suite

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

CVE-2024-4128 CSRF in firebase-tools emulator suite

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed cal...

CVE-2024-4128

The CVE-2024-4128 issue affects the Firebase tools emulator suite (firebase-tools). A CSRF vulnerability exists via the export endpoint that can allow a malicious website to exfiltrate emulator data when a user with the emulator open visits the site if localhost calls are possible. Affected compo...

Firebase CLI 安全漏洞

Firebase CLI is a command line tool from Firebase Inc. in the United States. A security vulnerability exists in Firebase CLI, which originated from a vulnerability that allows a user who is running the emulator to exploit the vulnerability to navigate to a malicious website on a browser that allo...