{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T20:10:00.651","vulnerabilities":[{"cve":{"id":"CVE-2022-31013","sourceIdentifier":"security-advisories@github.com","published":"2022-05-31T23:15:07.897","lastModified":"2024-11-21T07:03:42.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Chat Server is the chat server for Vartalap, an open-source messaging application. Versions from 2.3.2 up to (but not including) 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, but the code does not use `await` to wait for the verification result. As a result, the function responds with success every time, and an unhandled exception is raised if the token is invalid. A patch is available in version 2.6.0."},{"lang":"es","value":"Chat Server es el servidor de chat de Vartalap, una aplicación de mensajería de código abierto. Las versiones 2.3.2 hasta 2.6.0, sufren de un error en la comprobación del token de acceso, resultando en una omisión de autenticación. La función \"this.authProvider.verifyAccessKey\" es una función asíncrona, ya que el código no usa \"await\" para esperar el resultado de la verificación. Cada vez que la función responde con éxito, junto con una excepción no manejada si el token es inválido. 
Se presenta un parche disponible en la versión 2.6.0"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chat_server_project:chat_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.2","versionEndExcluding":"2.6.0","matchCriteriaId":"188945D9-7BE7-4077-AB71-CEE8CD01B974"}]}]}],"references":[{"ur
l":"https://github.com/ramank775/chat-server/discussions/78","source":"security-advisories@github.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ramank775/chat-server/releases/tag/v2.6.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/ramank775/chat-server/security/advisories/GHSA-xx4j-qqpp-v277","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ramank775/chat-server/discussions/78","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ramank775/chat-server/releases/tag/v2.6.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/ramank775/chat-server/security/advisories/GHSA-xx4j-qqpp-v277","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}