WS-2019-0162
Good to know:
Date: August 8, 2018
loopback 2.x before 2.40.0 and 3.x before 3.22.0 are vulnerable to Improper Authorization. If the AccessToken model is publicly exposed, an attacker can create authorization tokens for any user as long as they know the target's userId.
Language: JS
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | LOW |