Vulnerability Details : CVE-2022-24901
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
Vulnerability category: BypassGain privilegeDenial of service
Products affected by CVE-2022-24901
- cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*
- cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24901
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24901
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2022-24901
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: security-advisories@github.com (Secondary)
-
The product does not validate, or incorrectly validates, a certificate.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2022-24901
-
https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter · Advisory · parse-community/parse-server · GitHubIssue Tracking;Third Party Advisory
Jump to