Vulnerabilities > Google > Exposure Notifications Verification Server > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-31	CVE-2021-22538	Incorrect Default Permissions vulnerability in Google Exposure Notifications Verification Server A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. network low complexity google CWE-276	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.