CWE-424
Allowed-with-ReviewImproper Protection of Alternate Path
Abstraction: Class · Status: Draft
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
61 vulnerabilities reference this CWE, most recent first.
GHSA-64GV-P96G-GQXJ
Vulnerability from github – Published: 2025-04-26 21:31 – Updated: 2025-04-26 21:31CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.
{
"affected": [],
"aliases": [
"CVE-2025-46655"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-26T21:15:15Z",
"severity": "MODERATE"
},
"details": "CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.",
"id": "GHSA-64gv-p96g-gqxj",
"modified": "2025-04-26T21:31:26Z",
"published": "2025-04-26T21:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46655"
},
{
"type": "WEB",
"url": "https://github.com/hackmdio/codimd/issues/1910"
},
{
"type": "WEB",
"url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6WWP-WCG5-RJ5M
Vulnerability from github – Published: 2024-10-08 09:30 – Updated: 2024-10-08 09:30A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2023-52952"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T09:15:10Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions \u003e= V11.5.1 \u003c V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions \u003e= V11.5.1 \u003c V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions \u003e= V11.5.1 \u003c V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions \u003e= V11.5.1 \u003c V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system.",
"id": "GHSA-6wwp-wcg5-rj5m",
"modified": "2024-10-08T09:30:53Z",
"published": "2024-10-08T09:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52952"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-540493.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7WX2-94C7-J77H
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-07-14 15:31An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.
{
"affected": [],
"aliases": [
"CVE-2026-0237"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T18:16:12Z",
"severity": "HIGH"
},
"details": "An improper protection of alternate path vulnerability in Palo Alto Networks Prisma\u00ae Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to the browser, bypassing security controls.",
"id": "GHSA-7wx2-94c7-j77h",
"modified": "2026-07-14T15:31:57Z",
"published": "2026-05-13T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0237"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0237"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-8JV2-3395-QJHF
Vulnerability from github – Published: 2023-11-03 03:30 – Updated: 2023-11-03 03:30IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.
{
"affected": [],
"aliases": [
"CVE-2023-46176"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-03T01:15:08Z",
"severity": "MODERATE"
},
"details": "IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.",
"id": "GHSA-8jv2-3395-qjhf",
"modified": "2023-11-03T03:30:24Z",
"published": "2023-11-03T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46176"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269535"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7060769"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-947F-QH3G-PCJ5
Vulnerability from github – Published: 2024-09-12 21:32 – Updated: 2024-09-12 21:32An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
{
"affected": [],
"aliases": [
"CVE-2024-8311"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T19:15:04Z",
"severity": "MODERATE"
},
"details": "An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.",
"id": "GHSA-947f-qh3g-pcj5",
"modified": "2024-09-12T21:32:02Z",
"published": "2024-09-12T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8311"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/479315"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C7V6-MQ2J-8VG6
Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-07 00:00The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
{
"affected": [],
"aliases": [
"CVE-2022-1742"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T15:15:00Z",
"severity": "HIGH"
},
"details": "The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.",
"id": "GHSA-c7v6-mq2j-8vg6",
"modified": "2022-07-07T00:00:29Z",
"published": "2022-06-25T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1742"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXWJ-F3W7-6266
Vulnerability from github – Published: 2026-06-11 00:32 – Updated: 2026-07-13 15:31A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.
This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
{
"affected": [],
"aliases": [
"CVE-2026-0268"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T22:16:53Z",
"severity": "MODERATE"
},
"details": "A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.",
"id": "GHSA-cxwj-f3w7-6266",
"modified": "2026-07-13T15:31:37Z",
"published": "2026-06-11T00:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0268"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-GGWG-CMWP-46R5
Vulnerability from github – Published: 2025-04-10 03:31 – Updated: 2025-10-22 19:29Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "yiisoft/yii2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.52"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-58136"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-10T20:26:18Z",
"nvd_published_at": "2025-04-10T03:15:17Z",
"severity": "CRITICAL"
},
"details": "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.",
"id": "GHSA-ggwg-cmwp-46r5",
"modified": "2025-10-22T19:29:49Z",
"published": "2025-04-10T03:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58136"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/pull/20232"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12"
},
{
"type": "PACKAGE",
"url": "https://github.com/yiisoft/yii2"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/compare/2.0.51...2.0.52"
},
{
"type": "WEB",
"url": "https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-58136"
},
{
"type": "WEB",
"url": "https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H",
"type": "CVSS_V3"
}
],
"summary": "yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key"
}
GHSA-GQV5-GQC6-QRCH
Vulnerability from github – Published: 2025-11-14 18:31 – Updated: 2025-11-14 18:31An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.
Browser self-protection should be enabled to mitigate this issue.
{
"affected": [],
"aliases": [
"CVE-2025-4617"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-14T18:15:47Z",
"severity": "LOW"
},
"details": "An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma\u00ae Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser.\n\n\nBrowser self-protection should be enabled to mitigate this issue.",
"id": "GHSA-gqv5-gqc6-qrch",
"modified": "2025-11-14T18:31:39Z",
"published": "2025-11-14T18:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4617"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-4617"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-GWW7-XG42-6356
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-02-12 03:31KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.
{
"affected": [],
"aliases": [
"CVE-2024-3459"
],
"database_specific": {
"cwe_ids": [
"CWE-424"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:41:12Z",
"severity": "HIGH"
},
"details": "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.",
"id": "GHSA-gww7-xg42-6356",
"modified": "2025-02-12T03:31:14Z",
"published": "2024-05-14T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3459"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/04/CVE-2024-3459"
},
{
"type": "WEB",
"url": "https://www.kioware.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Deploy different layers of protection to implement security in depth.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-554: Functionality Bypass
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.