Home > Vulnerability Database > CVE-2021-22565

Mend.io Vulnerability Database

CVE-2021-22565

Good to know:

Date: December 9, 2021

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

Language: Go

Severity Score

6.5

Related Resources (5)

Url: https://github.com/google/exposure-notifications-verification-server/releases/tag/v1.1.2

Url: https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-wx8q-rgfr-cf6v

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-22565

Url: https://github.com/google/exposure-notifications-verification-server

Url: https://www.mend.io/vulnerability-database/CVE-2021-22565

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version github.com/google/exposure-notifications-verification-server - v1.1.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-22565

Good to know:

Date: December 9, 2021

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?