What is CVE-2022-24901?

CVE-2022-24901 is a high-severity vulnerability in Parse-community Parse-server, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2022-05-04.

How severe is CVE-2022-24901?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Parse-community Parse-server

CVE-2022-24901

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL…

Vulnerability class: Improper Certificate Validation

EPSS: 0.002 (35.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Parse-community Parse-server — versions < 4.10.10, >= 5.0.0, < 5.2.1

Weakness classification (CWE)

References

github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-24901?: CVE-2022-24901 is a high-severity vulnerability in Parse-community Parse-server, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2022-05-04.
How severe is CVE-2022-24901?: High severity. CVSS v3 base score is 7.5 out of 10.