VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Base | Incomplete | Likelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 50 of 54
  • CVE-2024-42512 (Feb 10, 2025)
    risk 0.00 · cvss · epss 0.01

    Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

  • CVE-2024-50703 (Dec 30, 2024)
    risk 0.00 · cvss · epss 0.00

    TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.

  • CVE-2024-48899 (Nov 20, 2024)
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

  • CVE-2024-45690 (Nov 20, 2024)
    risk 0.00 · cvss · epss 0.00

    A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.

  • CVE-2021-3991 (Nov 15, 2024)
    risk 0.00 · cvss · epss 0.00

    An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

  • CVE-2024-43438 (Nov 7, 2024)
    risk 0.00 · cvss · epss 0.01

    A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

  • CVE-2024-43431 (Nov 7, 2024)
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.

  • CVE-2024-10452 (Oct 29, 2024)
    risk 0.00 · cvss · epss 0.01

    Organization admins can delete pending invites created in an organization they are not part of.

  • CVE-2024-7041 (Oct 9, 2024)
    risk 0.00 · cvss · epss 0.00

    An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other…

  • CVE-2024-39319 (Sep 26, 2024)
    risk 0.00 · cvss · epss 0.00

    aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another…

  • CVE-2024-45614 (Sep 19, 2024)
    risk 0.00 · cvss · epss 0.01

    Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are…

  • CVE-2024-46982 (Sep 17, 2024)
    risk 0.00 · cvss · epss 0.61

    Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent…

  • CVE-2024-45605 (Sep 17, 2024)
    risk 0.00 · cvss · epss 0.00

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete…

  • CVE-2024-45606 (Sep 17, 2024)
    risk 0.00 · cvss · epss 0.00

    Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project.…

  • CVE-2024-47047 (Sep 17, 2024)
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display…

  • CVE-2024-45232 (Aug 28, 2024)
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all…

  • CVE-2024-6534 (Aug 15, 2024)
    risk 0.00 · cvss · epss 0.00

    Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When…

  • CVE-2024-39900 (Jul 9, 2024)
    risk 0.00 · cvss · epss 0.00

    OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the…

  • CVE-2024-39901 (Jul 9, 2024)
    risk 0.00 · cvss · epss 0.00

    OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the…

  • CVE-2024-39897 (Jul 9, 2024)
    risk 0.00 · cvss · epss 0.00

    zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without an access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is…