FreeTAKTeam/FreeTakServer on GitHub
Situational Awareness Server compatible with TAK clients
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2022-25508 | 7.5 HIGH | 5 MEDIUM | |
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
CVE-2022-25510 | 8.8 HIGH | 6.5 MEDIUM | |
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.