Описание
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2021-04-12 (исключая)
cpe:2.3:a:scratchoauth2_project:scratchoauth2:*:*:*:*:*:scratch:*:*
EPSS
Процентиль: 36%
0.00154
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.
EPSS
Процентиль: 36%
0.00154
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639