CVE-2021-22538

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server versions prior to 0.23.1, allows an attacker who 1 has UserWrite permissions and 2 is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their...

GO-2022-0798 Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server

Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server...

GO-2022-0270 Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server...

Google Exposure Notifications Verification Server 安全漏洞

Google Exposure Notifications Verification Server is an open source Covid-19 Exposure Notifications verification component from Google USA. A security vulnerability exists in versions prior to Google Exposure Notifications Verification Server V1.1.2, which can be exploited by an attacker to...

GHSA-WX8Q-RGFR-CF6V Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server

Impact Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Patches v1.1.2+ Workarounds There are no workarounds, and there are no indications this has been exploited in the wild. Verification codes can on...

CVE-2021-22538

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server versions prior to 0.23.1, allows an attacker who 1 has UserWrite permissions and 2 is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their...

Privilege escalation

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server versions prior to 0.23.1, allows an attacker who 1 has UserWrite permissions and 2 is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their...

CVE-2021-22538 Privilege escalation in RBAC system

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server versions prior to 0.23.1, allows an attacker who 1 has UserWrite permissions and 2 is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their...

CVE-2021-22538

CVE-2021-22538 is a privilege-escalation flaw in the Google Exposure Notification Verification Server (versions before 0.23.1). An attacker with UserWrite permissions and using a crafted request or malicious proxy can create a new user with higher privileges due to insufficient checks on the allo...

Seth Vargo Exposure Notification Verification Server 输入验证错误漏洞

Seth Vargo exposure-notifications-verification-server is an open source application by Seth Vargo. It is the reference implementation of the Exposure Notifications Verification Server, which is part of the broader Google Exposure Notifications system. A security vulnerability in Seth Vargo Exposu...

PT-2021-15131 · Google · Google Exposure Notification Verification Server

Name of the Vulnerable Software and Affected Versions: Google Exposure Notification Verification Server versions prior to 0.23.1 Description: A privilege escalation issue allows an attacker with UserWrite permissions, using a carefully crafted request or malicious proxy, to create another user wi...