VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete · Likelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 52 of 54
  • CVE-2023-1463 (Mar 17, 2023)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

  • CVE-2023-28109 (Mar 16, 2023)
    risk 0.00, cvss n/a, epss 0.01

    Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as…

  • CVE-2021-36400 (Mar 6, 2023)
    risk 0.00, cvss n/a, epss 0.01

    In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

  • CVE-2022-4802 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4798 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4806 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4812 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4799 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4803 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4811 (Dec 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.

  • CVE-2022-4686 (Dec 23, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.

  • CVE-2022-31683 (Dec 19, 2022)
    risk 0.00, cvss n/a, epss 0.00

    Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with a body including :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team.

  • CVE-2022-42129 (Nov 15, 2022)
    risk 0.00, cvss n/a, epss 0.01

    An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId`…

  • CVE-2022-42344 (Oct 20, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

  • CVE-2022-40186 (Sep 22, 2022)
    risk 0.00, cvss n/a, epss 0.01

    An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an…

  • CVE-2022-30852 (Jul 8, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).

  • CVE-2022-1245 (Jul 7, 2022)
    risk 0.00, cvss n/a, epss 0.01

    A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain…

  • CVE-2022-0624 (Jun 28, 2022)
    risk 0.00, cvss n/a, epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.

  • CVE-2022-31027 (Jun 6, 2022)
    risk 0.00, cvss n/a, epss 0.00

    OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The…

  • CVE-2022-1996 (Jun 6, 2022)
    risk 0.00, cvss n/a, epss 0.03

    Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.