Unrated severityNVD Advisory· Published May 31, 2022· Updated Apr 23, 2025

Authentication bypass in Vartalap chat-server

CVE-2022-31013

Description

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.

Affected products

Ramank775/Chat Serverv5
Range: >= 2.3.2, < 2.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ramank775/chat-server/releases/tag/v2.6.0mitrex_refsource_MISC
github.com/ramank775/chat-server/security/advisories/GHSA-xx4j-qqpp-v277mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000