2 matches found
CVE-2021-46249
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...
CVE-2021-46249
The CVE-2021-46249 issue is an authorization bypass in ScratchOAuth2’s SpecificApps REST API that can be exploited via a user-controlled key to let app owners set flags indicating an app is verified. Root cause: API-level authorization bypass enabling modification of verification status without p...