How severe is CVE-2021-21310?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-21310?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2021-21310 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. This made it possible to use a valid token to sign in as another user when using the Prima adapter in conjunction with the Email provider. This issue is specific to the community supported Prisma adapter. This issue is fixed in version 3.3.0.

Related Vulnerabilities

CVE-2013-5661

MEDIUM

CVSS:5.9(Medium)

Cache Poisoning issue exists in DNS Response Rate Limiting.

CWE-2902013

CVE-2019-1318

MEDIUM

CVSS:5.9(Medium)

A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.

CWE-2902019

CVE-2021-40823

MEDIUM

CVSS:5.9(Medium)

A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryptio...

CWE-2902021

CVE-2021-40824

MEDIUM

CVSS:5.9(Medium)

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an...

CWE-2902021

CVE-2022-34716

MEDIUM

CVSS:5.9(Medium)

.NET Spoofing Vulnerability

CWE-2902022

CVE-2022-38712

MEDIUM

CVSS:5.9(Medium)

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Forc...

CWE-2902022