{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T00:53:37.547","vulnerabilities":[{"cve":{"id":"CVE-2021-29452","sourceIdentifier":"security-advisories@github.com","published":"2021-04-16T22:15:14.310","lastModified":"2024-11-21T06:01:07.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2."},{"lang":"es","value":"a12n-server es un paquete npm que presenta como objetivo proporcionar un sistema de autenticación simple. Se agregó un nuevo HAL-Form para permitir la edición de usuarios en versión 0.18.0. Esta función solo debería haber sido accesible para administradores. Lamentablemente, unos privilegios fueron comprobados incorrectamente, permitiendo a cualquier usuario que haya iniciado sesión realizar este cambio. Parcheado en la versión 
v0.18.2"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:curveballjs:a12n-server:*:*:*:*:*:node.js:*:*","versionStartIncluding":"0.18.0","versionEndExcluding":"0.18.2","matchCriteriaId":"7D971DD6-E98D-46FA-A919-D533FCF824CC"}]}]}],"references":[{"url":"https://github.com/curveball/a12n-server/security/a
dvisories/GHSA-8hw9-22v6-9jr9","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40curveball/a12n-server","source":"security-advisories@github.com"},{"url":"https://github.com/curveball/a12n-server/security/advisories/GHSA-8hw9-22v6-9jr9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40curveball/a12n-server","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}