Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-63FQ-R3MP-FPCF

Vulnerability from github – Published: 2023-06-29 21:30 – Updated: 2024-04-04 05:18
VLAI
Details

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-29T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry\u0027s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.",
  "id": "GHSA-63fq-r3mp-fpcf",
  "modified": "2024-04-04T05:18:12Z",
  "published": "2023-06-29T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30946"
    },
    {
      "type": "WEB",
      "url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63MH-3Q59-GMP2

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:20:46Z",
    "severity": "CRITICAL"
  },
  "details": "Unauthenticated Broken Authentication in wpForo Forum \u003c= 3.1.0 versions.",
  "id": "GHSA-63mh-3q59-gmp2",
  "modified": "2026-06-17T18:35:52Z",
  "published": "2026-06-17T18:35:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49767"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-3-1-0-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6573-9WW9-37V2

Vulnerability from github – Published: 2024-07-24 03:32 – Updated: 2024-07-24 03:32
VLAI
Details

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-24T03:15:05Z",
    "severity": "HIGH"
  },
  "details": "The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.",
  "id": "GHSA-6573-9ww9-37v2",
  "modified": "2024-07-24T03:32:20Z",
  "published": "2024-07-24T03:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7027"
    },
    {
      "type": "WEB",
      "url": "https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-658W-F28G-3J4H

Vulnerability from github – Published: 2024-11-13 12:32 – Updated: 2024-11-13 12:32
VLAI
Details

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T12:15:16Z",
    "severity": "HIGH"
  },
  "details": "A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.",
  "id": "GHSA-658w-f28g-3j4h",
  "modified": "2024-11-13T12:32:12Z",
  "published": "2024-11-13T12:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47574"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65C5-J3WR-V7FH

Vulnerability from github – Published: 2025-12-15 12:30 – Updated: 2026-02-18 15:31
VLAI
Details

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle

By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges

In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions

This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-15T11:15:39Z",
    "severity": "LOW"
  },
  "details": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u00a0privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before \u003c 25.2.4.",
  "id": "GHSA-65c5-j3wr-v7fh",
  "modified": "2026-02-18T15:31:23Z",
  "published": "2025-12-15T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14714"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-67VV-7C97-F7H6

Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-01 12:31
VLAI
Details

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T04:17:14Z",
    "severity": "MODERATE"
  },
  "details": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.",
  "id": "GHSA-67vv-7c97-f7h6",
  "modified": "2026-07-01T12:31:34Z",
  "published": "2026-07-01T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20459"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-685V-CWV9-JXP3

Vulnerability from github – Published: 2023-01-18 00:30 – Updated: 2023-01-25 18:30
VLAI
Details

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-18T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.",
  "id": "GHSA-685v-cwv9-jxp3",
  "modified": "2023-01-25T18:30:49Z",
  "published": "2023-01-18T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46732"
    },
    {
      "type": "WEB",
      "url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68GP-7M2F-PCH3

Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T16:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.",
  "id": "GHSA-68gp-7m2f-pch3",
  "modified": "2026-04-01T18:32:52Z",
  "published": "2024-12-16T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43234"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/theme/woffice/vulnerability/wordpress-woffice-theme-5-4-14-unauthenticated-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68RG-V3M3-F4HP

Vulnerability from github – Published: 2025-07-11 06:30 – Updated: 2026-01-16 15:31
VLAI
Details

The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-11T06:15:24Z",
    "severity": "MODERATE"
  },
  "details": "The AXIS Camera Station Server had a flaw that allowed\nto bypass authentication that is normally required.",
  "id": "GHSA-68rg-v3m3-f4hp",
  "modified": "2026-01-16T15:31:22Z",
  "published": "2025-07-11T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30026"
    },
    {
      "type": "WEB",
      "url": "https://www.axis.com/dam/public/a3/42/92/cve-2025-30026pdf-en-US-485735.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6925-Q744-QCX6

Vulnerability from github – Published: 2022-05-05 00:00 – Updated: 2022-05-17 00:01
VLAI
Details

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-288",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-04T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.",
  "id": "GHSA-6925-q744-qcx6",
  "modified": "2022-05-17T00:01:43Z",
  "published": "2022-05-05T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23724"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html"
    },
    {
      "type": "WEB",
      "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.