Lucene search
K
Scratchoauth2 ProjectScratchoauth2

4 matches found

CVE
CVE
added 2022/02/15 10:13 p.m.96 views

CVE-2021-46250

The CVE-2021-46250 entry concerns ScratchOAuth2, specifically its SOA2Login::commented path prior to commit a91879bd58fa83b09283c0708a1864cdf067c64a, which allows an attacker to authenticate as other users on downstream components relying on ScratchOAuth2. The vulnerability’s impact is described ...

10CVSS9.3AI score0.01052EPSS
CVE
CVE
added 2022/02/15 10:13 p.m.92 views

CVE-2021-46249

The CVE-2021-46249 issue is an authorization bypass in ScratchOAuth2’s SpecificApps REST API that can be exploited via a user-controlled key to let app owners set flags indicating an app is verified. Root cause: API-level authorization bypass enabling modification of verification status without p...

6.5CVSS6.4AI score0.00643EPSS
CVE
CVE
added 2022/02/15 10:13 p.m.84 views

CVE-2021-46251

ScratchOAuth2 is affected by a reflected XSS vulnerability disclosed as CVE-2021-46251. The issue lies in the POST request handling before commit 1603f04e44ef67dde6ccffe866d2dca16defb293, where insufficient input validation/filtering allows an attacker to inject and execute arbitrary web scripts ...

6.1CVSS5.9AI score0.00562EPSS
CVE
CVE
added 2021/04/13 6:25 p.m.35 views

CVE-2021-29437

ScratchOAuth2 is an OAuth implementation for Scratch. A third party can read and modify data that a user could, by tricking the user into posting a ScratchOAuth2 login code, enabling the third party to complete login and gain full access to the user’s Scratch account. The attack proceeds via a us...

8CVSS6.9AI score0.00806EPSS