Improper Authorization in Parse Server


Published: 2020-09-15 | Updated: 2021-09-30
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID N/A
CWE ID CWE-285
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Vendor

Security Notice

Note, the initial report was discarded. This is not a vulnerability.

1) Improper Authorization

Severity: Low

CVE-ID: N/A

CWE-ID: CWE-285 - Improper Authorization

Vulnerable software versions

CPE
External links

https://snyk.io/vuln/SNYK-JS-PARSESERVER-590116
https://github.com/parse-community/parse-server/issues/6612

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.