CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-3F9P-F8R2-MQHP
Vulnerability from github – Published: 2024-10-16 15:32 – Updated: 2026-04-01 18:32: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.
{
"affected": [],
"aliases": [
"CVE-2024-49247"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-16T13:15:14Z",
"severity": "CRITICAL"
},
"details": ": Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.",
"id": "GHSA-3f9p-f8r2-mqhp",
"modified": "2026-04-01T18:32:01Z",
"published": "2024-10-16T15:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49247"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/better-bp-registration/vulnerability/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/better-bp-registration/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3FF9-CFF4-995J
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
{
"affected": [],
"aliases": [
"CVE-2026-42411"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:54Z",
"severity": "HIGH"
},
"details": "Unauthenticated Broken Authentication in CloudSecure WP Security \u003c= 1.4.7 versions.",
"id": "GHSA-3ff9-cff4-995j",
"modified": "2026-06-15T21:30:47Z",
"published": "2026-06-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42411"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/cloudsecure-wp-security/vulnerability/wordpress-cloudsecure-wp-security-plugin-1-4-7-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GRX-CG6P-5WC6
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.
{
"affected": [],
"aliases": [
"CVE-2026-35642"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:33Z",
"severity": "MODERATE"
},
"details": "OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.",
"id": "GHSA-3grx-cg6p-5wc6",
"modified": "2026-04-10T00:30:30Z",
"published": "2026-04-10T00:30:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35642"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-group-reactions-via-requiremention-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3J3G-3PW9-9VCC
Vulnerability from github – Published: 2025-12-05 12:30 – Updated: 2025-12-05 18:31mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.
This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-66200"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-05T11:15:52Z",
"severity": "MODERATE"
},
"details": "mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.",
"id": "GHSA-3j3g-3pw9-9vcc",
"modified": "2025-12-05T18:31:09Z",
"published": "2025-12-05T12:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66200"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/04/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3JX8-9W5M-FVM9
Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-12-17 21:30A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
{
"affected": [],
"aliases": [
"CVE-2025-43436"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T02:15:49Z",
"severity": "HIGH"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user\u0027s installed apps.",
"id": "GHSA-3jx8-9w5m-fvm9",
"modified": "2025-12-17T21:30:36Z",
"published": "2025-11-04T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43436"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125632"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125634"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125637"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125638"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125639"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3P2J-4MPR-385W
Vulnerability from github – Published: 2025-11-10 21:30 – Updated: 2025-11-12 21:31Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-12431"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T20:15:37Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)",
"id": "GHSA-3p2j-4mpr-385w",
"modified": "2025-11-12T21:31:06Z",
"published": "2025-11-10T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12431"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/436887350"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3R56-5R55-J5MH
Vulnerability from github – Published: 2024-12-02 09:39 – Updated: 2024-12-02 09:39An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
{
"affected": [],
"aliases": [
"CVE-2024-10490"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T09:15:04Z",
"severity": "HIGH"
},
"details": "An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201d vulnerability in the OPC UA Server configuration required for B\u0026R mapp Cockpit before 6.0, B\u0026R mapp View before 6.0, B\u0026R mapp Services before 6.0, B\u0026R mapp Motion before 6.0 and B\u0026R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.\nB\u0026R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.",
"id": "GHSA-3r56-5r55-j5mh",
"modified": "2024-12-02T09:39:12Z",
"published": "2024-12-02T09:39:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10490"
},
{
"type": "WEB",
"url": "https://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3RG5-WJQJ-4Q4G
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
{
"affected": [],
"aliases": [
"CVE-2017-9944"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-27T17:08:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions \u003c V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.",
"id": "GHSA-3rg5-wjqj-4q4g",
"modified": "2022-05-13T01:36:04Z",
"published": "2022-05-13T01:36:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9944"
},
{
"type": "WEB",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101184"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RQ6-78WC-Q47C
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
{
"affected": [],
"aliases": [
"CVE-2026-40790"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:51Z",
"severity": "MODERATE"
},
"details": "Subscriber Sensitive Data Exposure in WP SMS \u003c= 7.2.1 versions.",
"id": "GHSA-3rq6-78wc-q47c",
"modified": "2026-06-15T21:30:46Z",
"published": "2026-06-15T21:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40790"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-sms/vulnerability/wordpress-wp-sms-plugin-7-2-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3RQJ-JCHW-9CC7
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2024-01-12 16:18The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.1"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "2.2"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-2356"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-12T16:18:18Z",
"nvd_published_at": "2012-07-21T03:38:00Z",
"severity": "MODERATE"
},
"details": "The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.",
"id": "GHSA-3rqj-jchw-9cc7",
"modified": "2024-01-12T16:18:18Z",
"published": "2022-05-13T01:13:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2356"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-32239"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2012/05/23/2"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Moodle Authentication Bypass in Question-Bank"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.