Veracode Vulnerability DatabaseVERACODE:47634Improper Authentication
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
github.com/pocketbase/pocketbase is vulnerable to Improper Authentication. The vulnerability is due to unverified account linking because an attacker can create an unverified account with the targeted user’s email, and when the user signs up with OAuth2, their account is linked without changing the password. This allows the attacker to access the user’s account using the initially created email and password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/pocketbase/pocketbase | le | v0.22.13 | |
| github.com/pocketbase/pocketbase | le | v0.22.13 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%