Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

GHSA-54JJ-4V6G-J34H

Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31
VLAI
Details

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T17:16:41Z",
    "severity": "CRITICAL"
  },
  "details": "OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware\u0027s comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.",
  "id": "GHSA-54jj-4v6g-j34h",
  "modified": "2026-06-08T18:31:51Z",
  "published": "2026-06-08T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25555"
    },
    {
      "type": "WEB",
      "url": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5629-8855-GF4G

Vulnerability from github – Published: 2021-11-18 20:12 – Updated: 2021-11-17 21:07
VLAI
Summary
Authentication Bypass by CSRF Weakness
Details

Impact

The actual vulnerability has been discovered on solidus_auth_devise. See GHSA-xm34-v85h-9pg2 for details.

The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update solidus_auth_devise. For this reason, it has been marked as low impact on this end.

Patches

For extra security, update solidus_core to versions 3.1.3, 3.0.3 or 2.11.12.

Workarounds

Look at the workarounds described at GHSA-xm34-v85h-9pg2.

References

For more information

If you have any questions or comments about this advisory: * Open an issue in solidus_auth_devise or a discussion in solidus * Email us at security@solidus.io * Contact the core team on Slack

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "solidus_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "solidus_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "solidus_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-305",
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-17T21:07:30Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThe actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details.\n\nThe security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don\u0027t update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end.\n\n### Patches\nFor extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`.\n\n### Workarounds\nLook at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### References\n- [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions)\n* Email us at [security@solidus.io](mailto:security@soliidus.io)\n* Contact the core team on [Slack](http://slack.solidus.io/)\n",
  "id": "GHSA-5629-8855-gf4g",
  "modified": "2021-11-17T21:07:30Z",
  "published": "2021-11-18T20:12:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-5629-8855-gf4g"
    },
    {
      "type": "WEB",
      "url": "https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/solidusio/solidus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Authentication Bypass by CSRF Weakness "
}

GHSA-56WX-66PX-9J66

Vulnerability from github – Published: 2025-05-13 21:34 – Updated: 2025-05-13 21:34
VLAI
Summary
OPKSSH Vulnerable to Authentication Bypass
Details

Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

Patches

The vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.

To determine if you are vulnerable run on your server:

opkssh --version

If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:

wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash

References

CVE-2025-4658

The upstream vulnerability in OpenPubkey is CVE-2025-3757 and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openpubkey/opkssh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-4658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-13T21:34:58Z",
    "nvd_published_at": "2025-05-13T17:16:04Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.\n\n### Patches\n\nThe vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH  when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater.\n\nTo determine if you are vulnerable run on your server:\n\n```bash\nopkssh --version\n```\n\nIf the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:\n\n```bash\nwget -qO- \"https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh\" | sudo bash\n``` \n\n\n### References\n\n[CVE-2025-4658](https://www.cve.org/CVERecord?id=CVE-2025-4658)\n\nThe upstream vulnerability in OpenPubkey is [CVE-2025-3757](https://www.cve.org/CVERecord?id=CVE-2025-3757) and has the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq",
  "id": "GHSA-56wx-66px-9j66",
  "modified": "2025-05-13T21:34:58Z",
  "published": "2025-05-13T21:34:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4658"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openpubkey/opkssh"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OPKSSH Vulnerable to Authentication Bypass "
}

GHSA-59M6-82QM-VQGJ

Vulnerability from github – Published: 2023-07-21 20:17 – Updated: 2023-07-21 20:17
VLAI
Summary
Dapr API token authentication bypass in HTTP endpoints
Details

Summary

A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.

Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 and 1.11.2.

Impact

This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the dapr-api-token in the request is invalid or missing.

Patches

The issue has been fixed in Dapr 1.10.9 and 1.11.2.

Details

When API token authentication is enabled, Dapr requires all calls from applications to include the dapr-api-token header, with a value matching what's included in the Dapr's configuration. In order to allow for healthchecks to work, the /v1.0/healthz and /v1.0/healthz/outbound HTTP APIs are excluded from the API token authentication check, and are always allowed.

Dapr <= 1.10.8 and <= 1.11.1 implemented the allowlisting of the healthcheck endpoints by permitting all requests whose URL contains /healthz to bypass the API token authentication check. The match applied anywhere in the URL, including the querystring.

As a consequence, attackers were able to bypass API token authentication by including /healthz anywhere in the URL, including as a querystring parameter. This allowed attackers to invoke any Dapr API using HTTP, including perform service invocation.

Proof of Concept

``` $ curl -v http://localhost:3500/v1.0/metadata * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)

GET /v1.0/metadata HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: /

  • Mark bundle as not supporting multiuse < HTTP/1.1 401 Unauthorized < Date: Mon, 17 Jul 2023 18:13:13 GMT < Content-Type: text/plain; charset=utf-8 < Content-Length: 17 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
  • Connection #0 to host localhost left intact invalid api token

$ curl -v http://localhost:3500/v1.0/metadata -H "dapr-api-token: mytoken" * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)

GET /v1.0/metadata HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: / dapr-api-token: mytoken

  • Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Mon, 17 Jul 2023 18:13:26 GMT < Content-Type: application/json < Content-Length: 119 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
  • Connection #0 to host localhost left intact {"id":"foo","actors":[],"extended":{"daprRuntimeVersion":"v1.11.1"},"components":[],"httpEndpoints":[],"subscriptions":[]}

$ curl -v http://localhost:3500/v1.0/metadata?foo=/healthz * Trying ::1:3500... * Connected to localhost (::1) port 3500 (#0)

GET /v1.0/metadata?foo=/healthz HTTP/1.1 Host: localhost:3500 User-Agent: curl/7.74.0 Accept: /

  • Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Mon, 17 Jul 2023 18:13:44 GMT < Content-Type: application/json < Content-Length: 119 < Traceparent: 00-00000000000000000000000000000000-0000000000000000-00 <
  • Connection #0 to host localhost left intact {"id":"foo","actors":[],"extended":{"daprRuntimeVersion":"v1.11.1"},"components":[],"httpEndpoints":[],"subscriptions":[]}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dapr/dapr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dapr/dapr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-21T20:17:36Z",
    "nvd_published_at": "2023-07-21T21:15:11Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\n\nA vulnerability has been found in Dapr that allows bypassing [API token authentication](https://docs.dapr.io/operations/security/api-token/), which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request.\n\n\nUsers who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 and 1.11.2.\n\n\n### Impact\n\n\nThis vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing.\n\n\n### Patches\n\n\nThe issue has been fixed in Dapr 1.10.9 and 1.11.2.\n\n\n### Details\n\n\nWhen API token authentication is enabled, Dapr requires all calls from applications to include the `dapr-api-token` header, with a value matching what\u0027s included in the Dapr\u0027s configuration. In order to allow for healthchecks to work, the `/v1.0/healthz` and `/v1.0/healthz/outbound` HTTP APIs are excluded from the API token authentication check, and are always allowed.\n\n\nDapr \u003c= 1.10.8 and \u003c= 1.11.1 implemented the allowlisting of the healthcheck endpoints by permitting all requests whose URL contains `/healthz` to bypass the API token authentication check. The match applied anywhere in the URL, including the querystring.\n\n\nAs a consequence, attackers were able to bypass API token authentication by including `/healthz` anywhere in the URL, including as a querystring parameter. This allowed attackers to invoke any Dapr API using HTTP, including perform service invocation.\n\n\n### Proof of Concept\n\n\n```\n$ curl -v http://localhost:3500/v1.0/metadata\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 401 Unauthorized\n\u003c Date: Mon, 17 Jul 2023 18:13:13 GMT\n\u003c Content-Type: text/plain; charset=utf-8\n\u003c Content-Length: 17\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\ninvalid api token\n\n\n$ curl -v http://localhost:3500/v1.0/metadata -H \"dapr-api-token: mytoken\"\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e dapr-api-token: mytoken\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 200 OK\n\u003c Date: Mon, 17 Jul 2023 18:13:26 GMT\n\u003c Content-Type: application/json\n\u003c Content-Length: 119\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\n{\"id\":\"foo\",\"actors\":[],\"extended\":{\"daprRuntimeVersion\":\"v1.11.1\"},\"components\":[],\"httpEndpoints\":[],\"subscriptions\":[]}\n\n\n$ curl -v http://localhost:3500/v1.0/metadata?foo=/healthz\n* Trying ::1:3500...\n* Connected to localhost (::1) port 3500 (#0)\n\u003e GET /v1.0/metadata?foo=/healthz HTTP/1.1\n\u003e Host: localhost:3500\n\u003e User-Agent: curl/7.74.0\n\u003e Accept: */*\n\u003e\n* Mark bundle as not supporting multiuse\n\u003c HTTP/1.1 200 OK\n\u003c Date: Mon, 17 Jul 2023 18:13:44 GMT\n\u003c Content-Type: application/json\n\u003c Content-Length: 119\n\u003c Traceparent: 00-00000000000000000000000000000000-0000000000000000-00\n\u003c\n* Connection #0 to host localhost left intact\n{\"id\":\"foo\",\"actors\":[],\"extended\":{\"daprRuntimeVersion\":\"v1.11.1\"},\"components\":[],\"httpEndpoints\":[],\"subscriptions\":[]}\n",
  "id": "GHSA-59m6-82qm-vqgj",
  "modified": "2023-07-21T20:17:36Z",
  "published": "2023-07-21T20:17:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37918"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae"
    },
    {
      "type": "WEB",
      "url": "https://docs.dapr.io/operations/security/api-token"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dapr/dapr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Dapr API token authentication bypass in HTTP endpoints"
}

GHSA-5FV2-2P94-9GH7

Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-03-25 15:31
VLAI
Details

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T14:16:37Z",
    "severity": "MODERATE"
  },
  "details": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.",
  "id": "GHSA-5fv2-2p94-9gh7",
  "modified": "2026-03-25T15:31:29Z",
  "published": "2026-03-25T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3591"
    },
    {
      "type": "WEB",
      "url": "https://downloads.isc.org/isc/bind9/9.20.21"
    },
    {
      "type": "WEB",
      "url": "https://downloads.isc.org/isc/bind9/9.21.20"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2026-3591"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5HG3-FFV7-G5FF

Vulnerability from github – Published: 2023-01-18 18:30 – Updated: 2023-01-26 15:30
VLAI
Details

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-18T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.",
  "id": "GHSA-5hg3-ffv7-g5ff",
  "modified": "2023-01-26T15:30:31Z",
  "published": "2023-01-18T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3100"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5HWC-8C64-25VM

Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2024-04-04 03:41
VLAI
Details

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-25T19:15:10Z",
    "severity": "MODERATE"
  },
  "details": "The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.",
  "id": "GHSA-5hwc-8c64-25vm",
  "modified": "2024-04-04T03:41:01Z",
  "published": "2023-04-25T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40723"
    },
    {
      "type": "WEB",
      "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q3W-6P3J-MW6P

Vulnerability from github – Published: 2026-03-11 12:31 – Updated: 2026-06-02 15:31
VLAI
Details

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-11T11:16:00Z",
    "severity": "MODERATE"
  },
  "details": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
  "id": "GHSA-5q3w-6p3j-mw6p",
  "modified": "2026-06-02T15:31:54Z",
  "published": "2026-03-11T12:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3584903"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2026-3784.html"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2026-3784.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/11/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-625F-424X-6J4W

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-05-24 17:27
VLAI
Details

A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.",
  "id": "GHSA-625f-424x-6j4w",
  "modified": "2022-05-24T17:27:38Z",
  "published": "2022-05-24T17:27:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15787"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-629X-6X88-9G8P

Vulnerability from github – Published: 2025-05-02 15:31 – Updated: 2025-05-02 15:31
VLAI
Details

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T19:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal.",
  "id": "GHSA-629x-6x88-9g8p",
  "modified": "2025-05-02T15:31:45Z",
  "published": "2025-05-02T15:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32011"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01"
    },
    {
      "type": "WEB",
      "url": "http://packages.revolutionpi.de/pool/main/p/pictory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.