What is CVE-2022-31083?

CVE-2022-31083 is a high-severity vulnerability in Parse-community Parse-server, classified under Improper Authentication. CVSS score: 8.6/10. Published 2022-06-17.

How severe is CVE-2022-31083?

High severity. CVSS v3 base score is 8.6 out of 10.

Auth bypass in Parse-community Parse-server

CVE-2022-31083

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, aut…

Vulnerability class: Broken Authentication

EPSS: 0.002 (38.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N.

Affected products

Parse-community Parse-server — versions < 4.0.11, >= 5.0.0, < 5.2.2

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc (x_refsource_CONFIRM)
github.com/parse-community/parse-server/pull/8054 (x_refsource_MISC)
github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e09… (x_refsource_MISC)
developer.apple.com/news/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31083?: CVE-2022-31083 is a high-severity vulnerability in Parse-community Parse-server, classified under Improper Authentication. CVSS score: 8.6/10. Published 2022-06-17.
How severe is CVE-2022-31083?: High severity. CVSS v3 base score is 8.6 out of 10.