Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-3F9P-F8R2-MQHP

Vulnerability from github – Published: 2024-10-16 15:32 – Updated: 2026-04-01 18:32
VLAI
Details

: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-16T13:15:14Z",
    "severity": "CRITICAL"
  },
  "details": ": Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.",
  "id": "GHSA-3f9p-f8r2-mqhp",
  "modified": "2026-04-01T18:32:01Z",
  "published": "2024-10-16T15:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49247"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/better-bp-registration/vulnerability/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/better-bp-registration/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FF9-CFF4-995J

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:54Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated Broken Authentication in CloudSecure WP Security \u003c= 1.4.7 versions.",
  "id": "GHSA-3ff9-cff4-995j",
  "modified": "2026-06-15T21:30:47Z",
  "published": "2026-06-15T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42411"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/cloudsecure-wp-security/vulnerability/wordpress-cloudsecure-wp-security-plugin-1-4-7-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GRX-CG6P-5WC6

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30
VLAI
Details

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:33Z",
    "severity": "MODERATE"
  },
  "details": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.",
  "id": "GHSA-3grx-cg6p-5wc6",
  "modified": "2026-04-10T00:30:30Z",
  "published": "2026-04-10T00:30:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35642"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-group-reactions-via-requiremention-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3J3G-3PW9-9VCC

Vulnerability from github – Published: 2025-12-05 12:30 – Updated: 2025-12-05 18:31
VLAI
Details

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.

This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-05T11:15:52Z",
    "severity": "MODERATE"
  },
  "details": "mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.",
  "id": "GHSA-3j3g-3pw9-9vcc",
  "modified": "2025-12-05T18:31:09Z",
  "published": "2025-12-05T12:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66200"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/12/04/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JX8-9W5M-FVM9

Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-12-17 21:30
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T02:15:49Z",
    "severity": "HIGH"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user\u0027s installed apps.",
  "id": "GHSA-3jx8-9w5m-fvm9",
  "modified": "2025-12-17T21:30:36Z",
  "published": "2025-11-04T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43436"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125632"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125634"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125637"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125638"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125639"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3P2J-4MPR-385W

Vulnerability from github – Published: 2025-11-10 21:30 – Updated: 2025-11-12 21:31
VLAI
Details

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T20:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)",
  "id": "GHSA-3p2j-4mpr-385w",
  "modified": "2025-11-12T21:31:06Z",
  "published": "2025-11-10T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12431"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/436887350"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R56-5R55-J5MH

Vulnerability from github – Published: 2024-12-02 09:39 – Updated: 2024-12-02 09:39
VLAI
Details

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T09:15:04Z",
    "severity": "HIGH"
  },
  "details": "An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201d vulnerability in the OPC UA Server configuration required for B\u0026R mapp Cockpit before 6.0, B\u0026R mapp View before 6.0, B\u0026R mapp Services before 6.0, B\u0026R mapp Motion before 6.0 and B\u0026R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.\nB\u0026R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.",
  "id": "GHSA-3r56-5r55-j5mh",
  "modified": "2024-12-02T09:39:12Z",
  "published": "2024-12-02T09:39:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10490"
    },
    {
      "type": "WEB",
      "url": "https://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3RG5-WJQJ-4Q4G

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-27T17:08:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions \u003c V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.",
  "id": "GHSA-3rg5-wjqj-4q4g",
  "modified": "2022-05-13T01:36:04Z",
  "published": "2022-05-13T01:36:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9944"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3RQ6-78WC-Q47C

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:51Z",
    "severity": "MODERATE"
  },
  "details": "Subscriber Sensitive Data Exposure in WP SMS \u003c= 7.2.1 versions.",
  "id": "GHSA-3rq6-78wc-q47c",
  "modified": "2026-06-15T21:30:46Z",
  "published": "2026-06-15T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40790"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wp-sms/vulnerability/wordpress-wp-sms-plugin-7-2-1-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3RQJ-JCHW-9CC7

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2024-01-12 16:18
VLAI
Summary
Moodle Authentication Bypass in Question-Bank
Details

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1"
            },
            {
              "fixed": "2.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T16:18:18Z",
    "nvd_published_at": "2012-07-21T03:38:00Z",
    "severity": "MODERATE"
  },
  "details": "The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.",
  "id": "GHSA-3rqj-jchw-9cc7",
  "modified": "2024-01-12T16:18:18Z",
  "published": "2022-05-13T01:13:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-32239"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2012/05/23/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Moodle Authentication Bypass in Question-Bank"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.