PT-2022-12619 · Unknown · Scratchoauth2

Apple502J · Published 2022-02-15 · Updated 2022-02-24 · CVE-2021-46250

CVSS v3.1: 10 (Critical)

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

ScratchOAuth2 versions before commit a91879bd58fa83b09283c0708a1864cdf067c64a

Description

An issue in SOA2Login::commented of ScratchOAuth2 allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.

Recommendations

For ScratchOAuth2 versions before commit a91879bd58fa83b09283c0708a1864cdf067c64a, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the SOA2Login::commented function until a patch is available.


Related Identifiers

CVE-2021-46250

Affected Products

Scratchoauth2