CVE-2021-46249

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-46249
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46249.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-46249
Published
2022-02-15T23:15:07Z
Modified
2025-01-14T22:02:15Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

References

Affected packages

Git / github.com/scratchverifier/scratchoauth2

Affected ranges

Type
GIT
Repo
https://github.com/scratchverifier/scratchoauth2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed