Incorrect Comparison

CVE-2021-35970

High

7.5/10

Summary

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory Timeline

Published Jun 30, 2021

Incorrect Comparison

CVE-2021-35970

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS