CNNVD-202512-2382 Information

CNNVD ID

CNNVD-202512-2382

CVE-2025-67727

  • CNNVD Published: 2025-12-12

Description

Parse Server is an open-source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Versions of Parse Server before 8.6.0-alpha.2 contain a security vulnerability that stems from privilege escalation in a GitHub CI workflow and may lead to credential leakage.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Parse Platform

Published

2025-12-12

Last Modified

2026-02-24

References

  • https://github.com/parse-community/parse-server/security/advisories/GHSA-6w8g-mgvv-3fcj
  • https://github.com/parse-community/parse-server/commit/6b9f8963cc3debf59cd9c5dfc5422aff9404ce9d
  • https://github.com/parse-community/parse-server/commit/e3d27fea08c8d8bdd9770a689bc2d757cda48b66
  • https://access.redhat.com/security/cve/cve-2025-67727

Patch

https://github.com/parse-community/parse-server/releases
