4 matches found
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013 Authentication bypass in Vartalap chat-server
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013 Authentication bypass in Vartalap chat-server
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...
CVE-2022-31013
Chat Server (Vartalap) vulnerability CVE-2022-31013 affects versions 2.3.2–2.6.0. Root cause is a token validation bug where this.authProvider.verifyAccessKey is treated as asynchronous without awaiting results, enabling authentication bypass. A patch exists in version 2.6.0. Public references ac...