CWE-639
Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,068)
page 51 of 54

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39321 | | | 0.00 | — | 0.01 | | Jul 5, 2024 | Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and… |
| CVE-2024-29181 | | | 0.00 | — | 0.00 | | Jun 12, 2024 | Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they… |
| CVE-2023-48865 | | — | 0.00 | — | 0.01 | | Apr 11, 2024 | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. |
| CVE-2024-29194 | | — | 0.00 | — | 0.01 | | Mar 24, 2024 | OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by… |
| CVE-2023-36238 | | | 0.00 | — | 0.01 | | Mar 13, 2024 | Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. |
| CVE-2024-27302 | | | 0.00 | — | 0.01 | | Mar 6, 2024 | go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a… |
| CVE-2024-25983 | | | 0.00 | — | 0.01 | | Feb 19, 2024 | Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). |
| CVE-2024-22206 | | | 0.00 | — | 0.01 | | Jan 12, 2024 | Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. |
| CVE-2023-49583 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. |
| CVE-2023-46446 | | — | 0.00 | — | 0.01 | | Nov 14, 2023 | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." |
| CVE-2023-5544 | | | 0.00 | — | 0.01 | | Nov 9, 2023 | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. |
| CVE-2023-43668 | | | 0.00 | — | 0.01 | | Oct 16, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize", "allowLoadLocalInfile".... . Users are advised to upgrade… |
| CVE-2023-38218 | | | 0.00 | — | 0.01 | | Oct 13, 2023 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization. An authenticated attacker can exploit this to achieve information exposure and privilege escalation. |
| CVE-2023-44981 | | | 0.00 | — | 0.02 | | Oct 11, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in… |
| CVE-2023-38872 | | — | 0.00 | — | 0.01 | | Sep 28, 2023 | An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. |
| CVE-2023-38201 | | | 0.00 | — | 0.00 | | Aug 25, 2023 | A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier… |
| CVE-2023-3700 | | — | 0.00 | — | 0.00 | | Jul 17, 2023 | Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-32310 | | | 0.00 | — | 0.01 | | Jun 1, 2023 | DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or… |
| CVE-2023-2978 | | | 0.00 | — | 0.01 | | May 30, 2023 | A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the… |
| CVE-2023-28334 | | | 0.00 | — | 0.01 | | Mar 23, 2023 | Authenticated users were able to enumerate other users' names via the learning plans page. |