Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wire Server Security Vulnerabilities

cve
cve

CVE-2021-21396

wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could re...

6.5CVSS

6.3AI Score

0.001EPSS

2021-03-26 10:15 PM
206
4
cve
cve

CVE-2021-41101

wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS Access-Control-Allow-Origin header set by nginz is set for all subdomains of .wire.com (including wire.com). This means that if somebody were to find an XSS vector in any of the subdom...

5.7CVSS

5.3AI Score

0.001EPSS

2021-09-30 08:15 PM
28
cve
cve

CVE-2022-31122

Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticat...

9.8CVSS

7.7AI Score

0.002EPSS

2022-10-18 10:15 AM
32
2