Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-31013
HistoryMay 31, 2022 - 11:15 p.m.

CVE-2022-31013

2022-05-3123:15:07
Google
osv.dev
3
chat server
vartalap
authentication bypass
async function
access token
unhandled exception
patch
software

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.

Related

prion 1
cvelist 1
cve 1
nvd 1
prion
prion
Authentication flaw
2022-05-31 23:15:00
cvelist
cvelist
CVE-2022-31013 Authentication bypass in Vartalap chat-server
2022-05-31 22:35:11
cve
cve
CVE-2022-31013
2022-05-31 23:15:07
nvd
nvd
CVE-2022-31013
2022-05-31 23:15:07

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON
Related for OSV:CVE-2022-31013
prion1cvelist1cve1nvd1