All 7 CVE vulnerabilities found in wire-server, with AI-generated Chinese analysis, references, and POCs.
Vendor: wireapp
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22737 | wire-server vulnerable to unauthorized removal of Bots from Conversations CWE-862 | 6.5 | Medium | 2023-01-27 |
| CVE-2022-31122 | Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation CWE-287 | 9.8 | Critical | 2022-10-18 |
| CVE-2021-41119 | DoS vulnerabiliity in wire-server json parser CWE-400 | 5.3 | Medium | 2022-04-13 |
| CVE-2022-23610 | Improper Verification of Cryptographic Signature in wire-server CWE-347 | 9.1 | Critical | 2022-03-16 |
| CVE-2021-41100 | Account takeover when having only access to a user's short lived token in wire-server CWE-285 | 7.4 | High | 2021-10-04 |
| CVE-2021-41101 | CORS `Access-Control-Allow-Origin` settings are too lenient CWE-79 | 5.7 | Medium | 2021-09-30 |
| CVE-2021-21396 | Bulk list client endpoint exposes too much metadata about a client CWE-200 | 6.5 | Medium | 2021-03-26 |
All 7 known CVE vulnerabilities affecting wire-server with full Chinese analysis, references, and POCs where available.