CVE-2019-16281 Information
Jun 07, 2022
Description
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) return true; return false;" code block.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
https://github.com/nayutaco/ptarmigan/commit/37fd8f9da3bab9d323ddd77f2fd20b6dde8bcf6c
https://github.com/nayutaco/ptarmigan/releases/tag/v0.2.3
https://github.com/nayutaco/ptarmigan/compare/v0.2.2…v0.2.3
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH