3 matches found
CVE-2021-21396
The CVE-2021-21396 entry concerns wire-server, the backend for Wire. The affected version window is 2021-02-16 through 2021-03-02, during which the GET /users/list-clients endpoint exposed client metadata for all users. Any logged-in user could request details of other users (no connection requirement) by g...
CVE-2022-31122
Wire-server vulnerability CVE-2022-31122 is a Token Recipient Confusion issue affecting versions prior to 2022-07-12/Chart 4.19.0. If an attacker obtains SAML IdP metadata details and configures their own SAML on the same backend, they can delete all SAML-authenticated accounts of a targeted team...
CVE-2021-41101
CVE-2021-41101 affects wire-server prior to 2.106.0, where the CORS Access-Control-Allow-Origin header configured by nginz was too permissive, applying to all subdomains of wire.com. This enables a potential attacker to abuse any subdomain with an XSS vector to talk to the Wire API using the user...