CyberSec.Space Logo
Back to CVE Browser

CVE-2021-46250

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile0.56th
PublishedFeb 15, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-13

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/a91879bd58fa83b09283c0708a1864cdf067c64a
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/a91879bd58fa83b09283c0708a1864cdf067c64a

Related Vulnerabilities

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462496.5

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504c...

CVE-2021-462516.1

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...