CVE-2021-46250

Published February 15th, 2022

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.

ScratchVerifier/ScratchOAuth2

Since Scratch has no native OAuth, "Fine, I'll do it myself."

GitHub