CVE-2021-22565

Опубликовано: 09 дек. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 5.8

EPSS Низкий

Описание

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

Ссылки

https://github.com/google/exposure-notifications-verification-server/releases/tag/v1.1.2
Patch
Release Notes
Third Party Advisory
https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-wx8q-rgfr-cf6v
Third Party Advisory
https://github.com/google/exposure-notifications-verification-server/releases/tag/v1.1.2
Patch
Release Notes
Third Party Advisory
https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-wx8q-rgfr-cf6v
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:exposure_notification_verification_server:*:*:*:*:*:*:*:*

Версия до 1.1.2 (исключая)

EPSS

Процентиль: 32%

0.00121

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-wx8q-rgfr-cf6v