CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14625 vulnerabilities reference this CWE, most recent first.
GHSA-6MPP-CM3V-23VV
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2023-10-27 15:17A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.1"
},
"package": {
"ecosystem": "Maven",
"name": "com.xebialabs.deployit.ci:deployit-plugin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21663"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-14T16:21:33Z",
"nvd_published_at": "2021-06-10T15:15:00Z",
"severity": "MODERATE"
},
"details": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.",
"id": "GHSA-6mpp-cm3v-23vv",
"modified": "2023-10-27T15:17:57Z",
"published": "2022-05-24T19:04:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21663"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/xldeploy-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-1982"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials"
}
GHSA-6MQ9-QM49-W244
Vulnerability from github – Published: 2026-02-18 09:31 – Updated: 2026-02-18 09:31The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteorigin_widget_preview_widget_action() function which is registered via the wp_ajax_so_widgets_preview AJAX action. The function only verifies a nonce (widgets_action) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the SiteOrigin_Widget_Editor_Widget via the preview endpoint. The required nonce is exposed on the public frontend when the Post Carousel widget is present on a page, embedded in the data-ajax-url HTML attribute.
{
"affected": [],
"aliases": [
"CVE-2026-2127"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T09:15:58Z",
"severity": "MODERATE"
},
"details": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered via the `wp_ajax_so_widgets_preview` AJAX action. The function only verifies a nonce (`widgets_action`) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the `SiteOrigin_Widget_Editor_Widget` via the preview endpoint. The required nonce is exposed on the public frontend when the Post Carousel widget is present on a page, embedded in the `data-ajax-url` HTML attribute.",
"id": "GHSA-6mq9-qm49-w244",
"modified": "2026-02-18T09:31:04Z",
"published": "2026-02-18T09:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2127"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L6"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/base/inc/actions.php#L75"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/editor/editor.php#L120"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.70.4/widgets/post-carousel/post-carousel.php#L590"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3460939%40so-widgets-bundle%2Ftrunk\u0026old=3434183%40so-widgets-bundle%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf92c64b-ca76-4af7-a1e4-585a60b03153?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6MQC-XV9M-7M85
Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:36In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-35677"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T21:15:42Z",
"severity": "MODERATE"
},
"details": "In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-6mqc-xv9m-7m85",
"modified": "2024-04-04T07:36:42Z",
"published": "2023-09-11T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35677"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MRR-Q3PJ-H53W
Vulnerability from github – Published: 2026-03-24 16:57 – Updated: 2026-03-25 20:59Summary
Guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions (regenerate-yaml, apply-yaml-changes) without authentication.
Details
ConfigSyncController extends BaseUpdaterController, and the base updater is anonymously accessible for control panel requests. index emits signed updater state (data), which can be reused by guests in subsequent requests.
Sensitive actions that are reachable via this method are actionApplyYamlChanges, actionRegenerateYaml, applyExternalChanges, and regenerateExternalConfig.
Reproduction steps
-
Guest POST to:
http POST /admin/actions/config-sync/index
-
Extract data from returned JS state:
Craft.updater = ... setState({"data":"", ...});
-
Reuse data as a guest:
POST /admin/actions/config-sync/regenerate-yaml
data=<signedData>&<csrfParam>=<csrfToken>
or
POST /admin/actions/config-sync/apply-yaml-changes
data=<signedData>&<csrfParam>=<csrfToken>
- Observe completed response and state/file changes.
Impact
Unauthenticated users can execute project configuration sync operations that should be restricted to trusted admin/deployment contexts.
Depending on the pending YAML/config state, this can cause unauthorized config state transitions and a service integrity risk.
Resources
https://github.com/craftcms/cms/commit/7f0ead833f7
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.9.13"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-RC1"
},
{
"fixed": "5.9.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.17.7"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-RC1"
},
{
"fixed": "4.17.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33159"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-24T16:57:17Z",
"nvd_published_at": "2026-03-24T18:16:09Z",
"severity": "MODERATE"
},
"details": "### Summary\nGuest users can access Config Sync updater `index`, obtain signed `data`, and execute state-changing Config Sync actions (`regenerate-yaml`, `apply-yaml-changes`) without authentication.\n\n### Details\n\n`ConfigSyncController` extends `BaseUpdaterController`, and the base updater is anonymously accessible for control panel requests. `index` emits signed updater state (`data`), which can be reused by guests in subsequent requests.\n\nSensitive actions that are reachable via this method are `actionApplyYamlChanges`, `actionRegenerateYaml`, `applyExternalChanges`, and `regenerateExternalConfig`.\n\n#### Reproduction steps\n\n1. Guest POST to:\n\n http POST /admin/actions/config-sync/index\n\n 2. Extract data from returned JS state:\n\n Craft.updater = ... setState({\"data\":\"\u003csignedData\u003e\", ...});\n\n 3. Reuse data as a guest:\n\n```\n POST /admin/actions/config-sync/regenerate-yaml\n data=\u003csignedData\u003e\u0026\u003ccsrfParam\u003e=\u003ccsrfToken\u003e\n```\n\n or\n\n```\n POST /admin/actions/config-sync/apply-yaml-changes\n data=\u003csignedData\u003e\u0026\u003ccsrfParam\u003e=\u003ccsrfToken\u003e\n```\n\n 4. Observe completed response and state/file changes.\n\n### Impact\n\nUnauthenticated users can execute project configuration sync operations that should be restricted to trusted admin/deployment contexts.\n\nDepending on the pending YAML/config state, this can cause unauthorized config state transitions and a service integrity risk.\n\n### Resources\n\nhttps://github.com/craftcms/cms/commit/7f0ead833f7",
"id": "GHSA-6mrr-q3pj-h53w",
"modified": "2026-03-25T20:59:54Z",
"published": "2026-03-24T16:57:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-6mrr-q3pj-h53w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33159"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/7f0ead833f7c2b91ae12003caad833479dd08592"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/releases/tag/4.17.8"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/releases/tag/5.9.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations"
}
GHSA-6MV8-95X5-XCQ9
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2024-04-16 15:47A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ai.h2o:h2o-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.40.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6038"
],
"database_specific": {
"cwe_ids": [
"CWE-29",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-08T18:41:10Z",
"nvd_published_at": "2023-11-16T17:15:09Z",
"severity": "CRITICAL"
},
"details": "A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.",
"id": "GHSA-6mv8-95x5-xcq9",
"modified": "2024-04-16T15:47:04Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6038"
},
{
"type": "PACKAGE",
"url": "https://github.com/h2oai/h2o-3"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/380fce33-fec5-49d9-a101-12c972125d8c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "H2O local file inclusion vulnerability"
}
GHSA-6P3P-H3VC-6RH5
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
{
"affected": [],
"aliases": [
"CVE-2026-23708"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T16:16:37Z",
"severity": "HIGH"
},
"details": "A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.",
"id": "GHSA-6p3p-h3vc-6rh5",
"modified": "2026-04-14T18:30:35Z",
"published": "2026-04-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23708"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P3X-GV74-M3JX
Vulnerability from github – Published: 2026-03-05 06:30 – Updated: 2026-03-05 21:30Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through <= 1.3.9.
{
"affected": [],
"aliases": [
"CVE-2026-28104"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-05T06:16:44Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through \u003c= 1.3.9.",
"id": "GHSA-6p3x-gv74-m3jx",
"modified": "2026-03-05T21:30:44Z",
"published": "2026-03-05T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28104"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/site-suggest/vulnerability/wordpress-site-suggest-plugin-1-3-9-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6P4M-HW2H-6GMW
Vulnerability from github – Published: 2023-01-25 19:39 – Updated: 2025-05-13 20:56Impact
All Argo CD versions starting with 2.5.0-rc1 are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces.
Description of exploit
Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-.
Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource.
Limitations
This bug only applies to users who have explicitly enabled the "apps-in-any-namespace" feature by setting application.namespaces in the argocd-cmd-params-cm ConfigMap or otherwise setting the --application-namespaces flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory's publish date.
The bug is also limited to Argo CD instances where sharding is enabled by increasing the replicas count for the Application controller.
Finally, the AppProjects' sourceNamespaces field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
- v2.5.8
- v2.6.0-rc5
Workarounds
Running only one replica of the Application controller will prevent exploitation of this bug.
Making sure all AppProjects' sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug.
Credits
Thanks to ChangZhuo Chen (@czchen) for finding the issue and for contributing the fix!
References
For more information
- Open an issue in the Argo CD issue tracker or discussions
- Join us on Slack in channel #argo-cd
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0-rc1"
},
{
"fixed": "2.5.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-cd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0-rc4"
},
{
"fixed": "2.6.0-rc5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.6.0-rc4"
]
}
],
"aliases": [
"CVE-2023-22736"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-25T19:39:03Z",
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAll Argo CD versions starting with 2.5.0-rc1 are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. \n\n#### Description of exploit\n\nReconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be `argocd-*`, the Application controller may reconcile an Application installed in a namespace called `other`, even though it does not start with `argocd-`.\n\nReconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource.\n\n#### Limitations\n\nThis bug only applies to users who have explicitly enabled the \"apps-in-any-namespace\" feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory\u0027s publish date.\n\nThe bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller.\n\nFinally, the AppProjects\u0027 `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace.\n\n### Patches\n\nA patch for this vulnerability has been released in the following Argo CD versions:\n\n* v2.5.8\n* v2.6.0-rc5\n\n### Workarounds\n\nRunning only one replica of the Application controller will prevent exploitation of this bug.\n\nMaking sure all AppProjects\u0027 `sourceNamespaces` are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug.\n\n### Credits\n\nThanks to ChangZhuo Chen (@czchen) for finding the issue and for contributing the fix!\n\n### References\n\n* [Documentation for apps-in-any-namespace](https://argo-cd--10678.org.readthedocs.build/en/10678/operator-manual/app-any-namespace/)\n\n### For more information\n\n* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)\n* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd",
"id": "GHSA-6p4m-hw2h-6gmw",
"modified": "2025-05-13T20:56:19Z",
"published": "2023-01-25T19:39:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6p4m-hw2h-6gmw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22736"
},
{
"type": "PACKAGE",
"url": "https://github.com/argoproj/argo-cd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Controller reconciles apps outside configured namespaces when sharding is enabled"
}
GHSA-6P5Q-JJVW-VG9P
Vulnerability from github – Published: 2026-03-12 06:31 – Updated: 2026-03-12 06:31A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.
{
"affected": [],
"aliases": [
"CVE-2026-3977"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-12T04:16:39Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.",
"id": "GHSA-6p5q-jjvw-vg9p",
"modified": "2026-03-12T06:31:36Z",
"published": "2026-03-12T06:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3977"
},
{
"type": "WEB",
"url": "https://github.com/projectsend/projectsend/issues/1525"
},
{
"type": "WEB",
"url": "https://github.com/projectsend/projectsend/issues/1525#issuecomment-3957109914"
},
{
"type": "WEB",
"url": "https://github.com/projectsend/projectsend/commit/35dfd6f08f7d517709c77ee73e57367141107e6b"
},
{
"type": "WEB",
"url": "https://github.com/projectsend/projectsend"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.350412"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.350412"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6P6W-G5HW-RG47
Vulnerability from github – Published: 2023-12-04 03:30 – Updated: 2023-12-07 00:30In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
{
"affected": [],
"aliases": [
"CVE-2023-42689"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-04T01:15:09Z",
"severity": "HIGH"
},
"details": "In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed",
"id": "GHSA-6p6w-g5hw-rg47",
"modified": "2023-12-07T00:30:38Z",
"published": "2023-12-04T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42689"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.