Authentication Bypass

🗓️ 05 May 2022 11:14:12Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 20 Views

parse-server vulnerable to authentication bypass due to lack of proper validation and checks for Apple certificate URL in Apple Game Center authentication adapter, causing application cras

Reporter	Title	Published	Views	Family All 15
CNNVD	parse-community parse-server 信任管理问题漏洞	4 May 202200:00	–	cnnvd
CVE	CVE-2022-24901	4 May 202201:10	–	cve
Cvelist	CVE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter	4 May 202201:10	–	cvelist
EUVD	EUVD-2022-4956	3 Oct 202520:07	–	euvd
Github Security Blog	Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter	4 May 202218:59	–	github
NVD	CVE-2022-24901	4 May 202201:15	–	nvd
OSV	BIT-PARSE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter	6 Mar 202411:02	–	osv
OSV	CVE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter	4 May 202201:10	–	osv
OSV	GHSA-QF8X-VQJV-92GR Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter	4 May 202218:59	–	osv
Prion	Authentication flaw	4 May 202201:15	–	prion

Vulners

Node

parse-serverRange≤4.10.9

parse-serverRange≤5.2.1-alpha.2

Source	Link
github	www.github.com/parse-community/parse-server/commit/1930a64e9c7e0d287b4ad9e57c6ee03b11b9cbc4
github	www.github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999
github	www.github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr

12 May 2022 18:29Current

3Low risk

Vulners AI Score3

CVSS 25

CVSS 3.17.5

EPSS0.0015

SSVC