Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-54R4-PPJ3-FQ8F

Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-12 00:00
VLAI
Details

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-30T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.",
  "id": "GHSA-54r4-ppj3-fq8f",
  "modified": "2022-07-12T00:00:54Z",
  "published": "2022-07-01T00:01:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23719"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"
    },
    {
      "type": "WEB",
      "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54X7-Q6M6-MJQV

Vulnerability from github – Published: 2023-06-08 03:30 – Updated: 2024-04-04 04:40
VLAI
Details

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-08T02:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.",
  "id": "GHSA-54x7-q6m6-mjqv",
  "modified": "2024-04-04T04:40:21Z",
  "published": "2023-06-08T03:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2986"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TycheSoftwares/woocommerce-abandoned-cart/pull/885#issuecomment-1601813615"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ayantaker/CVE-2023-2986"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php#L1815"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php?rev=2916178#L1800"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2922242"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2925274%40woocommerce-abandoned-cart\u0026new=2925274%40woocommerce-abandoned-cart\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2023/06/tyche-softwares-addresses-authentication-bypass-vulnerability-in-abandoned-cart-lite-for-woocommerce-wordpress-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=cve"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172966/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173018/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-556J-VP5W-5QJ6

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:58
VLAI
Details

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-521"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-18T23:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.",
  "id": "GHSA-556j-vp5w-5qj6",
  "modified": "2024-04-04T01:58:21Z",
  "published": "2022-05-24T16:56:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3758"
    },
    {
      "type": "WEB",
      "url": "https://community.rsa.com/docs/DOC-106759"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/security/en-us/details/DOC-106759/DSA-2019-127-RSA-Archer-Security-Update-for-Multiple-Vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-557X-V644-WJ6Q

Vulnerability from github – Published: 2025-12-18 18:30 – Updated: 2026-04-28 21:35
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T17:15:55Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.",
  "id": "GHSA-557x-v644-wj6q",
  "modified": "2026-04-28T21:35:51Z",
  "published": "2025-12-18T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64236"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/wordpress/plugin/tuturn/vulnerability/wordpress-tuturn-plugin-3-6-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58F6-6RJ2-3V8R

Vulnerability from github – Published: 2026-07-02 20:29 – Updated: 2026-07-02 20:29
VLAI
Summary
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Details

Summary

When Steeltoe management endpoints are configured to listen on an alternate port (Management:Endpoints:Port is configured), the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port.

Impact

An unauthenticated remote attacker can reach every actuator endpoint using a specially crafted HTTP request.

Affected configuration

  • The application's public port is accessible over from the network.
  • Management:Endpoints:Port is configured to a value different from the application's main listener port.
  • The request scheme matches Management:Endpoints:SslEnabled. For example, http when SslEnabled is false (the default), or https when SslEnabled is true.

Mitigations

If an immediate upgrade to a patched version is not possible:

  • Add explicit ASP.NET Core authorization (RequireAuthorization) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation.
  • Configure the reverse proxy or load balancer to enforce the Host header value and prevent clients from setting an arbitrary port.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.0"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Management.Endpoint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.0"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Steeltoe.Management.EndpointCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.2"
            },
            {
              "fixed": "3.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T20:29:13Z",
    "nvd_published_at": "2026-06-17T22:16:23Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nWhen Steeltoe management endpoints are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. \n\n### Impact\n\nAn unauthenticated remote attacker can reach every actuator endpoint using a specially crafted HTTP request.\n\n### Affected configuration\n\n- The application\u0027s public port is accessible over from the network.\n- `Management:Endpoints:Port` is configured to a value different from the application\u0027s main listener port.\n- The request scheme matches `Management:Endpoints:SslEnabled`. For example, `http` when `SslEnabled` is `false` (the default), or `https` when `SslEnabled` is `true`.\n\n### Mitigations\n\nIf an immediate upgrade to a patched version is not possible:\n\n- Add explicit ASP.NET Core authorization (`RequireAuthorization`) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation.\n- Configure the reverse proxy or load balancer to enforce the `Host` header value and prevent clients from setting an arbitrary port.",
  "id": "GHSA-58f6-6rj2-3v8r",
  "modified": "2026-07-02T20:29:13Z",
  "published": "2026-07-02T20:29:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-58f6-6rj2-3v8r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SteeltoeOSS/Steeltoe/commit/4cbc352fe89ac2e6c609554e435ab28996fec5e9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SteeltoeOSS/Steeltoe/commit/b7ca93c510aaa08d7e4ebec40ce20c5811c2c4b6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SteeltoeOSS/steeltoe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Steeltoe vulnerable to management-port isolation bypass via spoofed Host header"
}

GHSA-5CVP-P7P4-MCX9

Vulnerability from github – Published: 2026-05-18 14:20 – Updated: 2026-06-09 10:30
VLAI
Summary
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
Details

Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present.

In affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials.

Impact: unauthorized access to production data exposed through the Inspector/API on affected deployments.

Affected condition: a public deployment behind a reverse proxy or same-host tunnel that forwards traffic to the Node process over loopback.

Remediation implemented on the main branch: local-request detection now fails closed in production unless loopback trust is explicitly enabled, and forwarded public clients remain remote.

Patched release version is pending; this draft will be updated once the fix is released.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "neotoma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.0"
            },
            {
              "fixed": "0.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T14:20:06Z",
    "nvd_published_at": "2026-05-29T18:17:10Z",
    "severity": "MODERATE"
  },
  "details": "Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present.\n\nIn affected deployments, the REST auth middleware can resolve unauthenticated requests as the local development user, making the hosted Inspector and related API surface reachable without credentials.\n\nImpact: unauthorized access to production data exposed through the Inspector/API on affected deployments.\n\nAffected condition: a public deployment behind a reverse proxy or same-host tunnel that forwards traffic to the Node process over loopback.\n\nRemediation implemented on the main branch: local-request detection now fails closed in production unless loopback trust is explicitly enabled, and forwarded public clients remain remote.\n\nPatched release version is pending; this draft will be updated once the fix is released.",
  "id": "GHSA-5cvp-p7p4-mcx9",
  "modified": "2026-06-09T10:30:37Z",
  "published": "2026-05-18T14:20:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/markmhendrickson/neotoma/security/advisories/GHSA-5cvp-p7p4-mcx9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45577"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/markmhendrickson/neotoma"
    },
    {
      "type": "WEB",
      "url": "https://github.com/markmhendrickson/neotoma/releases/tag/v0.11.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass"
}

GHSA-5GJ2-5693-P684

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-22T23:16:44Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.",
  "id": "GHSA-5gj2-5693-p684",
  "modified": "2026-05-26T13:30:21Z",
  "published": "2026-05-26T13:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33843"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5JCR-QMFF-JPH4

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:37
VLAI
Details

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-19T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.",
  "id": "GHSA-5jcr-qmff-jph4",
  "modified": "2025-04-20T03:37:51Z",
  "published": "2022-05-13T01:46:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5174"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41360"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5MRQ-972X-QWR6

Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2025-05-05 18:31
VLAI
Details

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-19T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.",
  "id": "GHSA-5mrq-972x-qwr6",
  "modified": "2025-05-05T18:31:39Z",
  "published": "2022-04-20T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0992"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2706302"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q53-766V-93H8

Vulnerability from github – Published: 2024-10-28 12:30 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T12:15:16Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.",
  "id": "GHSA-5q53-766v-93h8",
  "modified": "2026-04-01T18:32:09Z",
  "published": "2024-10-28T12:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50477"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/stacks-mobile-app-builder/vulnerability/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.