Lucene search
K

4 matches found

NVD
NVD
added 2022/05/31 11:15 p.m.22 views

CVE-2022-31013

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

9.8CVSS0.01372EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/31 10:35 p.m.27 views

CVE-2022-31013 Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

9.1CVSS9.8AI score0.01372EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/05/31 10:35 p.m.6 views

CVE-2022-31013 Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

9.1CVSS9.7AI score0.01372EPSS
Exploits0References3
CVE
CVE
added 2022/05/31 10:35 p.m.86 views

CVE-2022-31013

Chat Server (Vartalap) vulnerability CVE-2022-31013 affects versions 2.3.2–2.6.0. Root cause is a token validation bug where this.authProvider.verifyAccessKey is treated as asynchronous without awaiting results, enabling authentication bypass. A patch exists in version 2.6.0. Public references ac...

9.8CVSS9.7AI score0.01372EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder