cvelist/2020/15xxx/CVE-2020-15270.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15270",
        "STATE": "PUBLIC",
        "TITLE": "Improper session expiration in Parse Server"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "parse-server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "<= 4.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "parse-community"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "{\"CWE-672\":\"Operation on a Resource after Expiration or Release\"}"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj",
                "refsource": "CONFIRM",
                "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj"
            },
            {
                "name": "https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58",
                "refsource": "MISC",
                "url": "https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58"
            },
            {
                "name": "https://npmjs.com/parse-server",
                "refsource": "MISC",
                "url": "https://npmjs.com/parse-server"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-2xm2-xj2q-qgpj",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`{`
			`"CVE_data_meta": {`
Add CVE-2020-15270 for GHSA-2xm2-xj2q-qgpj 2020-10-22 18:19:59 -03:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`"ID": "CVE-2020-15270",`
Add CVE-2020-15270 for GHSA-2xm2-xj2q-qgpj 2020-10-22 18:19:59 -03:00			`"STATE": "PUBLIC",`
			`"TITLE": "Improper session expiration in Parse Server"`
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`},`
Add CVE-2020-15270 for GHSA-2xm2-xj2q-qgpj 2020-10-22 18:19:59 -03:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "parse-server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "<= 4.3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "parse-community"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-10-22 22:01:46 +00:00			`"value": "Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched."`
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`}`
			`]`
Add CVE-2020-15270 for GHSA-2xm2-xj2q-qgpj 2020-10-22 18:19:59 -03:00			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "{\"CWE-672\":\"Operation on a Resource after Expiration or Release\"}"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj"`
			`},`
			`{`
			`"name": "https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58",`
			`"refsource": "MISC",`
			`"url": "https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58"`
			`},`
			`{`
			`"name": "https://npmjs.com/parse-server",`
			`"refsource": "MISC",`
			`"url": "https://npmjs.com/parse-server"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-2xm2-xj2q-qgpj",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2020-06-25 17:02:14 +00:00			`}`
			`}`