VYPR

wire-server

by Wire

CVEs (7)

  • CVE-2023-22737Jan 27, 2023
    risk 0.00cvss epss 0.01

    wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to…

  • CVE-2022-31122Oct 18, 2022
    risk 0.00cvss epss 0.01

    Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete…

  • CVE-2021-41119Apr 13, 2022
    risk 0.00cvss epss 0.02

    Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to…

  • CVE-2022-23610Mar 16, 2022
    risk 0.00cvss epss 0.01

    wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without…

  • CVE-2021-41100Oct 4, 2021
    risk 0.00cvss epss 0.01

    Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as…

  • CVE-2021-41101Sep 30, 2021
    risk 0.00cvss epss 0.01

    wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an…

  • CVE-2021-21396Mar 26, 2021
    risk 0.00cvss epss 0.01

    wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoint could be used by any…