CVE-2021-22565

MEDIUM

Exposure Notification <V1.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0043
EPSS Percentile 34.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-284
Status published
Products (2)
google/exposure-notifications-verification-server 0 - 1.1.2Go
google/exposure_notification_verification_server < 1.1.2
Published Dec 09, 2021
Tracked Since Feb 18, 2026