CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-46250

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile0.56th
Published2022年2月15日
Last Modified2024年11月21日

Vulnerability Description

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-13

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/a91879bd58fa83b09283c0708a1864cdf067c64a
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/a91879bd58fa83b09283c0708a1864cdf067c64a

相关漏洞威胁

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462496.5

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504c...

CVE-2021-462516.1

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to...

CVE-2021-2328110.0

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM soft...