Lucene search
Veracode Vulnerability DatabaseVERACODE:36050HistoryJun 20, 2022 - 6:48 a.m.
Authentication Bypass
2022-06-2006:48:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
35.9%
parse-server is vulnerable to authentication bypass. The vulnerability exists because the certificate in auth adapter is not properly validated. An attacker is able to bypass authentication checks by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object.
| CPE | Name | Operator | Version |
|---|---|---|---|
| parse-server | le | 4.10.10 | |
| parse-server | le | 5.2.1 | |
| parse-server | le | 4.10.10 | |
| parse-server | le | 5.2.1 |
References
developer.apple.com/news/?id=stttq465
github.com/parse-community/parse-server/commit/145838d2d9c1ecf76412a962a4ef61c712bcb0a7
github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1
github.com/parse-community/parse-server/pull/8053
github.com/parse-community/parse-server/pull/8054
github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
Related
prion
prion
Authentication flaw
2022-06-17 19:15:00
osv
osv
BIT-parse-2022-31083
2024-03-06 11:02:46
Authentication bypass vulnerability in Apple Game Center auth adapter
2022-06-17 22:09:09
CVE-2022-31083
2022-06-17 19:15:09
github
github
Authentication bypass vulnerability in Apple Game Center auth adapter
2022-06-17 22:09:09
nvd
nvd
CVE-2022-31083
2022-06-17 19:15:09
cve
cve
CVE-2022-31083
2022-06-17 19:15:09
cvelist
cvelist