CWE-639
Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,068)
page 50 of 54

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42512 | — | | 0.00 | — | 0.01 | | Feb 10, 2025 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. |
| CVE-2024-50703 | | | 0.00 | — | 0.00 | | Dec 30, 2024 | TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. |
| CVE-2024-48899 | | | 0.00 | — | 0.00 | | Nov 20, 2024 | A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. |
| CVE-2024-45690 | | | 0.00 | — | 0.00 | | Nov 20, 2024 | A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. |
| CVE-2021-3991 | | | 0.00 | — | 0.00 | | Nov 15, 2024 | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions. |
| CVE-2024-43438 | | | 0.00 | — | 0.01 | | Nov 7, 2024 | A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify that message recipients belonged to the set of users returned by the report. |
| CVE-2024-43431 | | | 0.00 | — | 0.00 | | Nov 7, 2024 | A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access. |
| CVE-2024-10452 | | | 0.00 | — | 0.01 | | Oct 29, 2024 | Organization admins can delete pending invites created in an organization they are not part of. |
| CVE-2024-7041 | | | 0.00 | — | 0.00 | | Oct 9, 2024 | An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other… |
| CVE-2024-39319 | | | 0.00 | — | 0.00 | | Sep 26, 2024 | aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another… |
| CVE-2024-45614 | — | | 0.00 | — | 0.01 | | Sep 19, 2024 | Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any user relying on proxy-set variables is… |
| CVE-2024-46982 | | | 0.00 | — | 0.61 | | Sep 17, 2024 | Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent… |
| CVE-2024-45605 | | | 0.00 | — | 0.00 | | Sep 17, 2024 | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete… |
| CVE-2024-45606 | | | 0.00 | — | 0.00 | | Sep 17, 2024 | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project.… |
| CVE-2024-47047 | — | | 0.00 | — | 0.00 | | Sep 17, 2024 | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display… |
| CVE-2024-45232 | — | | 0.00 | — | 0.00 | | Aug 28, 2024 | An issue was discovered in the powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all… |
| CVE-2024-6534 | | | 0.00 | — | 0.00 | | Aug 15, 2024 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When… |
| CVE-2024-39900 | — | | 0.00 | — | 0.00 | | Jul 9, 2024 | OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the… |
| CVE-2024-39901 | — | | 0.00 | — | 0.00 | | Jul 9, 2024 | OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the… |
| CVE-2024-39897 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without an access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is… |