CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14621 vulnerabilities reference this CWE, most recent first.
GHSA-X2WP-7759-9MC6
Vulnerability from github – Published: 2025-12-13 18:30 – Updated: 2025-12-13 18:30The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to retrieve media items associated with draft or private posts.
{
"affected": [],
"aliases": [
"CVE-2025-9218"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-13T16:16:57Z",
"severity": "LOW"
},
"details": "The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to retrieve media items associated with draft or private posts.",
"id": "GHSA-x2wp-7759-9mc6",
"modified": "2025-12-13T18:30:22Z",
"published": "2025-12-13T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9218"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3386907/buddypress-media/tags/4.7.4/app/main/controllers/api/RTMediaJsonApi.php"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/buddypress-media/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68533b4c-1bdf-4104-a263-757b018af129?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X2WV-CV4X-66P6
Vulnerability from github – Published: 2025-07-30 06:31 – Updated: 2025-07-30 06:31The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.
{
"affected": [],
"aliases": [
"CVE-2025-8322"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T04:16:10Z",
"severity": "HIGH"
},
"details": "The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system administrator privilege.",
"id": "GHSA-x2wv-cv4x-66p6",
"modified": "2025-07-30T06:31:29Z",
"published": "2025-07-30T06:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8322"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10305-2eca0-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10304-6b375-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X2X7-P37C-43CR
Vulnerability from github – Published: 2026-06-01 09:31 – Updated: 2026-07-09 20:53The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to read. Affects deployments that rely on per-Dag read scoping while granting users broader Asset access. Users are advised to upgrade to apache-airflow 3.2.2 or later.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41014"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-09T20:53:26Z",
"nvd_published_at": "2026-06-01T09:16:18Z",
"severity": "MODERATE"
},
"details": "The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to read. Affects deployments that rely on per-Dag read scoping while granting users broader Asset access. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.",
"id": "GHSA-x2x7-p37c-43cr",
"modified": "2026-07-09T20:53:26Z",
"published": "2026-06-01T09:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41014"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/65344"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-182.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/12nbzwwby7g883w2j13gn7ny1545xob9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/31/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow has a Missing Authorization issue"
}
GHSA-X322-J5QJ-M76R
Vulnerability from github – Published: 2025-01-02 12:32 – Updated: 2026-04-23 15:34Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.
{
"affected": [],
"aliases": [
"CVE-2023-45275"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T12:15:09Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in Kali Forms Contact Form builder with drag \u0026 drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag \u0026 drop - Kali Forms: from n/a through 2.3.28.",
"id": "GHSA-x322-j5qj-m76r",
"modified": "2026-04-23T15:34:12Z",
"published": "2025-01-02T12:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45275"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-contact-form-builder-with-drag-drop-plugin-2-3-27-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X32G-HHG9-MGV8
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 18:30Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
{
"affected": [],
"aliases": [
"CVE-2023-52227"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T17:15:50Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in MailerLite MailerLite \u2013 WooCommerce integration.This issue affects MailerLite \u2013 WooCommerce integration: from n/a through 2.0.8.",
"id": "GHSA-x32g-hhg9-mgv8",
"modified": "2024-06-11T18:30:46Z",
"published": "2024-06-11T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52227"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/woo-mailerlite/wordpress-mailerlite-woocommerce-integration-plugin-2-0-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X33W-HJV7-GPX7
Vulnerability from github – Published: 2025-07-16 12:30 – Updated: 2025-08-02 03:31The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the ‘edit_posts’ capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin’s reset link and elevate their privileges to administrator.
{
"affected": [],
"aliases": [
"CVE-2025-6993"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T10:15:29Z",
"severity": "HIGH"
},
"details": "The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the \u2018edit_posts\u2019 capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin\u2019s reset link and elevate their privileges to administrator.",
"id": "GHSA-x33w-hjv7-gpx7",
"modified": "2025-08-02T03:31:20Z",
"published": "2025-07-16T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6993"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/ultimate-wp-mail/tags/1.3.6/includes/Ajax.class.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3328277"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/ultimate-wp-mail/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b19794de-b623-4017-bd91-73986383c58b?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X34H-54CW-9825
Vulnerability from github – Published: 2026-03-27 19:35 – Updated: 2026-03-31 18:41act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local actions, one can create malicious caches containing whatever files one pleases, most likely allowing arbitrary remote code execution within the Docker container.
Discovery
Discovered while discussing forgejo/runner#294.
Proposed Mitigation
It was discussed to append a secret to ACTIONS_CACHE_URL to retain compatibility with GitHub's cache action and still allow authorization. Forgejo is considering also encoding which repo is currently being run in CI into the secret in the URL to prevent unrelated repos using the same (probably global) runner from seeing each other's caches.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.2.85"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nektos/act"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.86"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34042"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T19:35:16Z",
"nvd_published_at": "2026-03-31T03:15:58Z",
"severity": "HIGH"
},
"details": "act\u0027s built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it \u2014 including someone anywhere on the internet \u2014 to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local actions, one can create malicious caches containing whatever files one pleases, most likely allowing arbitrary remote code execution within the Docker container.\n\n## Discovery\n\nDiscovered while discussing [forgejo/runner#294](https://code.forgejo.org/forgejo/runner/issues/294).\n\n## Proposed Mitigation\n\nIt was discussed to append a secret to `ACTIONS_CACHE_URL` to retain compatibility with GitHub\u0027s cache action and still allow authorization. Forgejo is considering also encoding which repo is currently being run in CI into the secret in the URL to prevent unrelated repos using the same (probably global) runner from seeing each other\u0027s caches.",
"id": "GHSA-x34h-54cw-9825",
"modified": "2026-03-31T18:41:01Z",
"published": "2026-03-27T19:35:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nektos/act/security/advisories/GHSA-x34h-54cw-9825"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34042"
},
{
"type": "WEB",
"url": "https://github.com/nektos/act/commit/c28c27e141e8b54f9853de82f421ee09846751f7"
},
{
"type": "WEB",
"url": "https://code.forgejo.org/forgejo/runner/issues/294"
},
{
"type": "PACKAGE",
"url": "https://github.com/nektos/act"
},
{
"type": "WEB",
"url": "https://github.com/nektos/act/releases/tag/v0.2.86"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "act: actions/cache server allows malicious cache injection"
}
GHSA-X34R-GP68-RFQR
Vulnerability from github – Published: 2026-07-11 09:34 – Updated: 2026-07-11 09:34The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to inject arbitrary reply content into any store inquiry, overwrite the main inquiry record in wp_wcfm_enquiries, and trigger unsolicited notification emails to customers and vendors. Unlike sibling controller branches (wcfm-enquiry and wcfm-enquiry-manage), the wcfm-my-account-enquiry-manage branch performs no is_user_logged_in() or current_user_can() check, and the nonce that serves as the sole barrier is embedded into every public page load without any login gate.
{
"affected": [],
"aliases": [
"CVE-2026-12994"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-11T07:16:45Z",
"severity": "MODERATE"
},
"details": "The WCFM \u2013 Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to inject arbitrary reply content into any store inquiry, overwrite the main inquiry record in wp_wcfm_enquiries, and trigger unsolicited notification emails to customers and vendors. Unlike sibling controller branches (wcfm-enquiry and wcfm-enquiry-manage), the wcfm-my-account-enquiry-manage branch performs no is_user_logged_in() or current_user_can() check, and the nonce that serves as the sole barrier is embedded into every public page load without any login gate.",
"id": "GHSA-x34r-gp68-rfqr",
"modified": "2026-07-11T09:34:18Z",
"published": "2026-07-11T09:34:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12994"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/controllers/enquiry/wcfm-controller-enquiry-manage.php#L278"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/controllers/enquiry/wcfm-controller-enquiry-manage.php#L290"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-enquiry.php#L321"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-enquiry.php#L48"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.26/core/class-wcfm-frontend.php#L1197"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/controllers/enquiry/wcfm-controller-enquiry-manage.php#L278"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/controllers/enquiry/wcfm-controller-enquiry-manage.php#L290"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-enquiry.php#L321"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-enquiry.php#L48"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.27/core/class-wcfm-frontend.php#L1197"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3588570%40wc-frontend-manager\u0026new=3588570%40wc-frontend-manager"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/676b4637-a2c7-4a95-b644-bb0401f91b40?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X36F-P8VG-F8R8
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-06-19 15:30Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
{
"affected": [],
"aliases": [
"CVE-2023-41805"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T13:15:55Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.",
"id": "GHSA-x36f-p8vg-f8r8",
"modified": "2024-06-19T15:30:52Z",
"published": "2024-06-19T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41805"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X384-W54Q-V324
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:50rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
{
"affected": [],
"aliases": [
"CVE-2019-10145"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-03T19:29:00Z",
"severity": "HIGH"
},
"details": "rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.",
"id": "GHSA-x384-w54q-v324",
"modified": "2024-04-04T00:50:43Z",
"published": "2022-05-24T16:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10145"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10145"
},
{
"type": "WEB",
"url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.