CVE-2022-31122
Wire-server vulnerability CVE-2022-31122 is a Token Recipient Confusion issue affecting versions prior to 2022-07-12/Chart 4.19.0. If an attacker obtains SAML IdP metadata details and configures their own SAML on the same backend, they can delete all SAML-authenticated accounts of a targeted team...
CVE-2021-41101
CVE-2021-41101 affects wire-server prior to 2.106.0, where the CORS Access-Control-Allow-Origin header configured by nginz was too permissive, applying to all subdomains of wire.com. This enables a potential attacker to abuse any subdomain with an XSS vector to talk to the Wire API using the user...