Vulnerabilities > CVE-2020-5251 - Incorrect Authorization vulnerability in Parseplatform Parse-Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
parseplatform
CWE-863
NVD
Published: 2020-03-04
Updated: 2020-03-06

Summary

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.

Vulnerable Configurations

Part Description Count
Application
Parseplatform
205

Common Weakness Enumeration (CWE)

References