Home > Vulnerability Database > WS-2021-0420

Mend.io Vulnerability Database

WS-2021-0420

Date: November 9, 2021

Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Fixed in 1.1.2

Language: Go

Severity Score

6.5

Related Resources (2)

Url: https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-wx8q-rgfr-cf6v

Url: https://www.mend.io/vulnerability-database/WS-2021-0420

Severity Score

6.5

Weakness Type (CWE)

Code

CWE-17

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2021-0420

Date: November 9, 2021

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?