CyberSec.Space Logo
Back to CVE Browser

CVE-2021-46249

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile40.12th
PublishedFeb 15, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-12

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/d856dc704b2504cd3b92cf089fdd366dd40775d6
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/d856dc704b2504cd3b92cf089fdd366dd40775d6

Related Vulnerabilities

CVE-2021-4625010.0

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authe...

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462516.1

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to...

CVE-2021-3851610.0

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 be...