CWE-863
Incorrect Authorization
Description
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,530)
Page 74 of 77

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26223 | | | 0.00 | — | 0.01 | | Nov 13, 2020 | Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty… |
| CVE-2020-24401 | | | 0.00 | — | 0.02 | | Nov 9, 2020 | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account. |
| CVE-2020-13957 | | — | 0.00 | — | 0.79 | | Oct 13, 2020 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to… |
| CVE-2020-15251 | | | 0.00 | — | 0.01 | | Oct 13, 2020 | In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins, with versions from 9.0.0 and less than 9.0.2 affected.… |
| CVE-2020-2286 | | | 0.00 | — | 0.01 | | Oct 8, 2020 | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. |
| CVE-2020-25781 | | — | 0.00 | — | 0.01 | | Sep 30, 2020 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. |
| CVE-2020-1748 | | — | 0.00 | — | 0.01 | | Sep 16, 2020 | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in improper authorization. This flaw leads to information exposure by… |
| CVE-2020-2258 | | | 0.00 | — | 0.01 | | Sep 16, 2020 | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. |
| CVE-2020-15163 | | | 0.00 | — | 0.01 | | Sep 9, 2020 | The Python TUF (The Update Framework) reference implementation before version 0.12 incorrectly trusts a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata… |
| CVE-2020-24941 | | — | 0.00 | — | 0.01 | | Sep 4, 2020 | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. |
| CVE-2020-25025 | | — | 0.00 | — | 0.01 | | Sep 2, 2020 | The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). |
| CVE-2020-25026 | | — | 0.00 | — | 0.01 | | Sep 2, 2020 | The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. |
| CVE-2020-2233 | | | 0.00 | — | 0.01 | | Aug 12, 2020 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2020-9692 | | | 0.00 | — | 0.04 | | Jul 29, 2020 | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-15120 | | | 0.00 | — | 0.01 | | Jul 27, 2020 | In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this… |
| CVE-2020-15126 | | | 0.00 | — | 0.01 | | Jul 22, 2020 | In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. |
| CVE-2020-6506 | | | 0.00 | — | 0.04 | | Jul 22, 2020 | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| CVE-2020-15110 | | | 0.00 | — | 0.01 | | Jul 17, 2020 | In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. |
| CVE-2020-2228 | | | 0.00 | — | 0.01 | | Jul 15, 2020 | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. |
| CVE-2020-7692 | | — | 0.00 | — | 0.02 | | Jul 9, 2020 | PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that… |