CWE-639
Authorization Bypass Through User-Controlled Key
Base | Incomplete | Likelihood: High
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (680)
page 32 of 34

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2172 | Med | 0.28 | 4.3 | 0.00 | | Aug 31, 2023 | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles. |
| CVE-2023-0689 | Med | 0.28 | 4.3 | 0.00 | | Aug 31, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name. |
| CVE-2023-0692 | Med | 0.28 | 4.3 | 0.00 | | Jun 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. |
| CVE-2023-0691 | Med | 0.28 | 4.3 | 0.00 | | Jun 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name. |
| CVE-2022-3995 | Med | 0.28 | 4.3 | 0.00 | | Nov 29, 2022 | The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. |
| CVE-2017-15211 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. |
| CVE-2017-15209 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |
| CVE-2017-15208 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. |
| CVE-2017-15207 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. |
| CVE-2017-15206 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. |
| CVE-2017-15204 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. |
| CVE-2017-15203 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. |
| CVE-2017-15202 | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. |
| CVE-2017-15201 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. |
| CVE-2017-15200 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. |
| CVE-2017-15199 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. |
| CVE-2017-15197 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. |
| CVE-2017-15196 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. |
| CVE-2017-15195 | Med | 0.28 | 4.3 | 0.00 | | Oct 11, 2017 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. |
| CVE-2012-5571 | Med | 0.28 | 5.4 | 0.00 | | Dec 18, 2012 | A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access. |