CVE-2021-35970

High

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because…

mitre·CWE-697·Published 2021-06-30

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

180 chars

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

NVDen

180 chars

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

Talk 4 en Coral versiones anteriores a 4.12.1, permite a atacantes remotos detectar direcciones de correo electrónico y otra información confidencial por medio de GraphQL porque las comprobaciones de permisos usan un tipo de datos incorrecto

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N