Vulnerability Description
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exposure Notification Verification Server | < 1.1.2 |
Related Weaknesses (CWE)
References
- https://github.com/google/exposure-notifications-verification-server/releases/taPatchRelease NotesThird Party Advisory
- https://github.com/google/exposure-notifications-verification-server/security/adThird Party Advisory
- https://github.com/google/exposure-notifications-verification-server/releases/taPatchRelease NotesThird Party Advisory
- https://github.com/google/exposure-notifications-verification-server/security/adThird Party Advisory
FAQ
What is CVE-2021-22565?
CVE-2021-22565 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading t...
How severe is CVE-2021-22565?
CVE-2021-22565 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22565?
Check the references section above for vendor advisories and patch information. Affected products include: Google Exposure Notification Verification Server.