Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.
References
Link | Resource |
---|---|
https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a | Patch Third Party Advisory |
https://github.com/parse-community/parse-server/releases/tag/4.5.0 | Release Notes Third Party Advisory |
https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3 | Third Party Advisory |
https://www.npmjs.com/package/parse-server | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-12-30T19:25:17
Updated: 2020-12-30T19:25:16
Reserved: 2020-10-01T00:00:00
Link: CVE-2020-26288
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-30T20:15:15.267
Modified: 2021-01-04T21:01:31.620
Link: CVE-2020-26288
JSON object: View
Redhat Information
No data.
CWE