Vulnerabilities > CVE-2021-46250 - Unspecified vulnerability in Scratchoauth2 Project Scratchoauth2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

scratchoauth2-project

critical

NVD

Published: 2022-02-15

Updated: 2022-02-24

Summary

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.

Vulnerable Configurations

Part	Description	Count
Application	Scratchoauth2_Project Scratchoauth2 Project Scratchoauth2 -	1

References

https://github.com/ScratchVerifier/ScratchOAuth2/commit/a91879bd58fa83b09283c0708a1864cdf067c64a