Unknown · Parse Server · CVE-2022-31083
**Name of the Vulnerable Software and Affected Versions**
Parse Server versions prior to 4.10.11 and 5.2.2
**Description**
The Parse Server Apple Game Center auth adapter does not validate the certificate it uses. This could potentially allow authentication to be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an `authData` object.
**Recommendations**
For versions prior to 4.10.11 and 5.2.2, update to version 4.10.11 or 5.2.2. These releases introduce a new `rootCertificateUrl` property in the Parse Server Apple Game Center auth adapter, which takes the URL to the root certificate of Apple's Game Center authentication certificate. Keep the `rootCertificateUrl` property up to date, as the root certificate can change at any time.
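The following deployment check is an added example, not code from Parse Server or from the advisory. It assumes the adapter options live under `auth.gcenter` in the server options and that 4.10.11 and 5.2.2 are the fixed releases of the 4.x and 5.x lines; the function names and the HTTPS requirement are this example's own.

```javascript
'use strict';
// Added example, not Parse Server code. Assumptions: the adapter options sit
// under options.auth.gcenter, and 4.10.11 / 5.2.2 fix the 4.x / 5.x lines.
const FIXED = { 4: [4, 10, 11], 5: [5, 2, 2] };

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-\S+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { n: [m[1], m[2], m[3]].map(Number), pre: Boolean(m[4]) };
}

// <0, 0 or >0 when a is older than, equal to or newer than b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isPatched(version) {
  const v = parseVersion(version);
  if (v.n[0] > 5) return true;   // later major lines already contain the fix
  if (v.n[0] < 4) return false;  // older than any fixed release
  const c = compare(v.n, FIXED[v.n[0]]);
  return c > 0 || (c === 0 && !v.pre); // 5.2.2-alpha.1 sorts before 5.2.2
}

function auditGameCenter(version, options) {
  const findings = [];
  if (!isPatched(version)) {
    findings.push('upgrade: release predates 4.10.11 / 5.2.2');
  }
  const gc = options && options.auth && options.auth.gcenter;
  if (!gc) return findings; // no explicit adapter options to inspect
  if (gc.rootCertificateUrl === undefined) {
    findings.push('review: rootCertificateUrl not set explicitly');
    return findings;
  }
  let url = null;
  try { url = new URL(gc.rootCertificateUrl); } catch { /* reported below */ }
  if (!url) findings.push('fix: rootCertificateUrl is not a valid URL');
  else if (url.protocol !== 'https:') findings.push('fix: rootCertificateUrl must use https');
  return findings;
}

// Constructed sample input: an unpatched 5.x release with a plaintext URL.
console.log(auditGameCenter('5.2.1', {
  auth: { gcenter: { rootCertificateUrl: 'http://certs.example/root.pem' } },
}));
```

Feed it the version from the installed `parse-server` package and the options object passed to the server; an empty result means the release is fixed and the root certificate URL is set and fetched over HTTPS.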