{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T08:33:15.567","vulnerabilities":[{"cve":{"id":"CVE-2021-32691","sourceIdentifier":"security-advisories@github.com","published":"2021-06-16T22:15:07.830","lastModified":"2026-06-17T03:53:26.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one's server by overriding the `create` data source method on the `People` class."},{"lang":"es","value":"Apollos Apps es una plataforma de código abierto para lanzar aplicaciones church-related. En Apollos Apps anterior a versión 2.20.0, los nuevos registros de usuarios pueden acceder a la cuenta de cualquier persona al solo conocer su información básica de perfil (nombre, cumpleaños, sexo, etc.). Esto incluye toda la funcionalidad de la aplicación dentro de la misma, así como cualquier enlace autentificado a las páginas web basadas en Rock (como donaciones y eventos). Hay un parche en la versión 2.20.0. Como solución, uno puede parchear su servidor anulando el método de fuente de datos \"create\" en la clase \"People\""}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ApollosProject","product":"apollos-apps","versions":[{"version":"< 2.20.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-303"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apollosapp:data-connector-rock:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.20.0","matchCriteriaId":"B30332C0-EF0D-4E0F-B2D8-06E18F621A4F"}]}]}],"references":[{"url":"https://github.com/ApollosProject/apollos-apps/commit/cb5f8f1c0b24f1b215b2bb5eb6f9a8e16d728ce2","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ApollosProject/apollos-apps/releases/tag/v2.20.0","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ApollosProject/apollos-apps/security/advisories/GHSA-r578-pj6f-r4ff","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/ApollosProject/apollos-apps/commit/cb5f8f1c0b24f1b215b2bb5eb6f9a8e16d728ce2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ApollosProject/apollos-apps/releases/tag/v2.20.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ApollosProject/apollos-apps/security/advisories/GHSA-r578-pj6f-r4ff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}