Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

GHSA-6F9W-R8MJ-4H2W

Vulnerability from github – Published: 2021-12-22 00:00 – Updated: 2022-01-05 00:02
VLAI
Details

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-21T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.",
  "id": "GHSA-6f9w-r8mj-4h2w",
  "modified": "2022-01-05T00:02:04Z",
  "published": "2021-12-22T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27453"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6H7H-M7P5-HJQP

Vulnerability from github – Published: 2026-03-30 18:04 – Updated: 2026-03-31 21:40
VLAI
Summary
Sulu checks fix permissions for subentities endpoints
Details

Impact

A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts.

Patches

The issue was patched in release 2.6.22 and 3.0.5.

Workarounds

Create a Symfony Request Listener checking the permissions for the specific roles.

Resources

Github Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.6.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sulu/sulu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-30T18:04:10Z",
    "nvd_published_at": "2026-03-31T21:16:29Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts.\n\n### Patches\n\nThe issue was patched in release 2.6.22 and 3.0.5.\n\n### Workarounds\n\nCreate a Symfony Request Listener checking the permissions for the specific roles.\n\n### Resources\n\nGithub Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp",
  "id": "GHSA-6h7h-m7p5-hjqp",
  "modified": "2026-03-31T21:40:41Z",
  "published": "2026-03-30T18:04:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34372"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sulu/sulu"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/releases/tag/2.6.22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sulu/sulu/releases/tag/3.0.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Sulu checks fix permissions for subentities endpoints"
}

GHSA-6JH2-MQQC-57CX

Vulnerability from github – Published: 2024-10-28 03:30 – Updated: 2024-10-28 03:30
VLAI
Details

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10438"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T03:15:02Z",
    "severity": "HIGH"
  },
  "details": "The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.",
  "id": "GHSA-6jh2-mqqc-57cx",
  "modified": "2024-10-28T03:30:39Z",
  "published": "2024-10-28T03:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10438"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6JWP-4WVJ-6597

Vulnerability from github – Published: 2025-04-01 09:30 – Updated: 2025-05-27 18:34
VLAI
Summary
Apache Pinot Vulnerable to Authentication Bypass
Details

Authentication Bypass Issue

If the path does not contain / and contain., authentication is not required.

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .

Return: {"users":{}}

A new user gets added bypassing authentication, enabling the user to control Pinot.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pinot:pinot-broker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pinot:pinot-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pinot:pinot-controller"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-56325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-01T18:20:48Z",
    "nvd_published_at": "2025-04-01T09:15:15Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Issue\n\nIf the path does not contain / and contain., authentication is not required.\n\nExpected Normal Request and Response Example\n\ncurl -X POST -H \"Content-Type: application/json\" -d {\\\"username\\\":\\\"hack2\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}  http://{server_ip}:9000/users \n\n\nReturn: {\"code\":401,\"error\":\"HTTP 401 Unauthorized\"}\n\n\nMalicious Request and Response Example \n\ncurl -X POST -H \"Content-Type: application/json\" -d \u0027{\\\"username\\\":\\\"hack\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}\u0027  http://{serverip}:9000/users; http://{serverip}:9000/users; .\n\n\nReturn: {\"users\":{}}\n\n\n\n \n\nA new user gets added bypassing authentication, enabling the user to control Pinot.",
  "id": "GHSA-6jwp-4wvj-6597",
  "modified": "2025-05-27T18:34:51Z",
  "published": "2025-04-01T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56325"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/pinot/pull/14383"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/pinot/commit/1b87488aeaf4836e3ef25b426ebbf1ad5a68e68f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/pinot"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/pinot/releases/tag/release-1.3.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/27/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Pinot Vulnerable to Authentication Bypass"
}

GHSA-6MJQ-9P26-VG33

Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2024-04-04 03:40
VLAI
Details

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-25T19:15:10Z",
    "severity": "MODERATE"
  },
  "details": "PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.",
  "id": "GHSA-6mjq-9p26-vg33",
  "modified": "2024-04-04T03:40:54Z",
  "published": "2023-04-25T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40725"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6MMX-XCWP-RVJ9

Vulnerability from github – Published: 2025-05-05 21:31 – Updated: 2025-05-06 15:31
VLAI
Details

An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-05T20:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.",
  "id": "GHSA-6mmx-xcwp-rvj9",
  "modified": "2025-05-06T15:31:04Z",
  "published": "2025-05-05T21:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45607"
    },
    {
      "type": "WEB",
      "url": "https://github.com/michaelliao/itranswarp/issues/73"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6Q34-632F-JR72

Vulnerability from github – Published: 2026-04-16 15:31 – Updated: 2026-04-16 15:31
VLAI
Details

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T15:17:38Z",
    "severity": "HIGH"
  },
  "details": "Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.",
  "id": "GHSA-6q34-632f-jr72",
  "modified": "2026-04-16T15:31:33Z",
  "published": "2026-04-16T15:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3324"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/log-management/advisory/CVE-2026-3324.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WPW-J4XP-QQV8

Vulnerability from github – Published: 2026-06-02 18:31 – Updated: 2026-06-02 18:31
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation.

This issue affects BookIt: from n/a before 2.5.4.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40780"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-02T16:16:39Z",
    "severity": "HIGH"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation.\n\nThis issue affects BookIt: from n/a before 2.5.4.1.",
  "id": "GHSA-6wpw-j4xp-qqv8",
  "modified": "2026-06-02T18:31:32Z",
  "published": "2026-06-02T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40780"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/bookit/vulnerability/wordpress-bookit-plugin-2-5-1-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6WXW-HVR8-55J8

Vulnerability from github – Published: 2025-06-09 18:32 – Updated: 2026-04-01 18:35
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India allows Authentication Abuse. This issue affects PayU India: from n/a through 3.8.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-09T16:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India allows Authentication Abuse. This issue affects PayU India: from n/a through 3.8.5.",
  "id": "GHSA-6wxw-hvr8-55j8",
  "modified": "2026-04-01T18:35:24Z",
  "published": "2025-06-09T18:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31022"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73C8-PH6W-G64X

Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-06-11 15:31
VLAI
Details

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T14:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior",
  "id": "GHSA-73c8-ph6w-g64x",
  "modified": "2024-06-11T15:31:14Z",
  "published": "2024-06-11T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2012"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.