VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5jge-ymnm-dkgy

Essentials
Severities (27)
References (10)
Severity details (22)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5jge-ymnm-dkgy
Aliases	CVE-2022-31083 GHSA-rh9j-f5f8-rvgc
Summary	Authentication bypass vulnerability in Apple Game Center auth adapter ### Impact The certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. ### Patches To prevent this, a new `rootCertificateUrl` property is introduced to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the [current root certificate](https://developer.apple.com/news/?id=stttq465) as of May 27, 2022. Keep in mind that the root certificate can change at any time (expected to be announced by Apple) and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. ### Workarounds None. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc - https://developer.apple.com/news/?id=stttq465 - https://github.com/parse-community/parse-server ### More information * For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org) or [community chat](http://chat.parseplatform.org) * Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org)
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-287	Improper Authentication
CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2022-31083
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2022-31083
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2022-31083
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2022-31083
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2022-31083
cvssv3.1	8.6	https://developer.apple.com/news/?id=stttq465
generic_textual	HIGH	https://developer.apple.com/news/?id=stttq465
ssvc	Track	https://developer.apple.com/news/?id=stttq465
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-rh9j-f5f8-rvgc
cvssv3.1	8.6	https://github.com/parse-community/parse-server
generic_textual	HIGH	https://github.com/parse-community/parse-server
cvssv3.1	8.6	https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1
generic_textual	HIGH	https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1
ssvc	Track	https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1
cvssv3.1	8.6	https://github.com/parse-community/parse-server/pull/8054
generic_textual	HIGH	https://github.com/parse-community/parse-server/pull/8054
ssvc	Track	https://github.com/parse-community/parse-server/pull/8054
cvssv3.1	8.6	https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4
generic_textual	HIGH	https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4
cvssv3.1	8.6	https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9
generic_textual	HIGH	https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9
cvssv3.1	8.6	https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
cvssv3.1_qr	HIGH	https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
generic_textual	HIGH	https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
ssvc	Track	https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
cvssv3.1	8.6	https://nvd.nist.gov/vuln/detail/CVE-2022-31083
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-31083

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-31083
		https://developer.apple.com/news/?id=stttq465
		https://github.com/parse-community/parse-server
		https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1
		https://github.com/parse-community/parse-server/pull/8054
		https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4
		https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9
		https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc
		https://nvd.nist.gov/vuln/detail/CVE-2022-31083
GHSA-rh9j-f5f8-rvgc		https://github.com/advisories/GHSA-rh9j-f5f8-rvgc

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://developer.apple.com/news/?id=stttq465

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/ Found at https://developer.apple.com/news/?id=stttq465

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/ Found at https://github.com/parse-community/parse-server/commit/ba2b0a9cb9a568817a114b132a4c2e0911d76df1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server/pull/8054

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/ Found at https://github.com/parse-community/parse-server/pull/8054

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server/pull/8054/commits/0cc299f82e367518f2fe7a53b99f3f801a338cf4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server/pull/8054/commits/2084b7c569697a5230e42511799eeac9219db5a9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:54:05Z/ Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31083

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.38634
EPSS Score	0.00175
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T17:53:22.027392+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-rh9j-f5f8-rvgc/GHSA-rh9j-f5f8-rvgc.json	38.6.0