Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5562 vulnerabilities reference this CWE, most recent first.

GHSA-24HM-FC95-562H

Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32
VLAI
Details

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T20:17:05Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker\u0027s control. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-24hm-fc95-562h",
  "modified": "2026-07-14T21:32:18Z",
  "published": "2026-07-14T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47998"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb26-73.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-24JQ-H48J-G592

Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2024-01-21 03:30
VLAI
Details

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-15T20:08:00Z",
    "severity": "MODERATE"
  },
  "details": "The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.",
  "id": "GHSA-24jq-h48j-g592",
  "modified": "2024-01-21T03:30:23Z",
  "published": "2022-05-02T00:11:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4577"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=240409"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32164"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32471"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33149"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33624"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36904"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200812-16.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0205.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31587"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-838-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2745"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-24QP-4XX8-3JVJ

Vulnerability from github – Published: 2025-03-24 19:05 – Updated: 2025-03-24 21:47
VLAI
Summary
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Details

Impact

For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces

Egress traffic from workloads covered by such network policies to LoadBalancers configured by Gateway resources will incorrectly be allowed.

LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue.

Patches

This issue was fixed by https://github.com/cilium/proxy/pull/1172.

This issue affects:

  • Cilium v1.15 between v1.15.0 and v1.15.14 inclusive
  • Cilium v1.16 between v1.16.0 and v1.16.7 inclusive
  • Cilium v1.17 between v1.17.0 and v1.17.1 inclusive

This issue is fixed in:

  • Cilium v1.15.15
  • Cilium v1.16.8
  • Cilium v1.17.2

Workarounds

A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade. An outline of such a policy is provided below:

apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: "workaround"
spec:
  endpointSelector:
    matchExpressions:
    - key: reserved:ingress
      operator: Exists
  ingress:
  - fromEntities:
    - world
  • The policy opens up connectivity from all locations outside the cluster into the Cilium Ingress Gateway.
  • The policy establishes a default deny for all other traffic towards the Cilium Ingress Gateway, including all in-cluster sources.
  • It is possible to tailor the policy to more narrowly allow inbound traffic while creating a default deny posture for traffic between namespaces. Users should edit the policy to bring it in line with the security requirements particular to their environments.

Acknowledgements

The Cilium community has worked together with members of the Isovalent team to prepare these mitigations. Special thanks to @jrajahalme for the fix.

For more information

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.16.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.17.0"
            },
            {
              "fixed": "1.17.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.15.0"
            },
            {
              "fixed": "1.15.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-30162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-24T19:05:04Z",
    "nvd_published_at": "2025-03-24T19:15:52Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nFor Cilium users who:\n- Use Gateway API for Ingress for some services **AND**\n- Use [LB-IPAM](https://docs.cilium.io/en/stable/network/lb-ipam/) or BGP for LB Service implementation **AND**\n- Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces\n\nEgress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed.\n\nLoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue.\n\n### Patches\n\nThis issue was fixed by https://github.com/cilium/proxy/pull/1172.\n\nThis issue affects:\n\n- Cilium v1.15 between v1.15.0 and v1.15.14 inclusive\n- Cilium v1.16 between v1.16.0 and v1.16.7 inclusive\n- Cilium v1.17 between v1.17.0 and v1.17.1 inclusive\n\nThis issue is fixed in:\n\n- Cilium v1.15.15\n- Cilium v1.16.8\n- Cilium v1.17.2\n\n### Workarounds\n\nA Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade. An outline of such a policy is provided below:\n\n```\napiVersion: \"cilium.io/v2\"\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n  name: \"workaround\"\nspec:\n  endpointSelector:\n    matchExpressions:\n    - key: reserved:ingress\n      operator: Exists\n  ingress:\n  - fromEntities:\n    - world\n```\n\n- The policy opens up connectivity from all locations outside the cluster into the Cilium Ingress Gateway.\n- The policy establishes a default deny for all other traffic towards the Cilium Ingress Gateway, including all in-cluster sources.\n- It is possible to tailor the policy to more narrowly allow inbound traffic while creating a default deny posture for traffic between namespaces. Users should edit the policy to bring it in line with the security requirements particular to their environments.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of the Isovalent team to prepare these mitigations. Special thanks to @jrajahalme for the fix.\n\n### For more information\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated as top priority.",
  "id": "GHSA-24qp-4xx8-3jvj",
  "modified": "2025-03-24T21:47:14Z",
  "published": "2025-03-24T19:05:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-24qp-4xx8-3jvj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30162"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/proxy/pull/1172"
    },
    {
      "type": "WEB",
      "url": "https://docs.cilium.io/en/stable/network/lb-ipam"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers"
}

GHSA-254H-GVGQ-X2XG

Vulnerability from github – Published: 2024-09-12 18:31 – Updated: 2024-09-12 18:31
VLAI
Details

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-12T17:15:04Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.",
  "id": "GHSA-254h-gvgq-x2xg",
  "modified": "2024-09-12T18:31:41Z",
  "published": "2024-09-12T18:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2743"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2411756"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25G4-P347-X748

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-10-27 11:34
VLAI
Summary
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Details

Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being granted long after the configuration was changed to no longer grant them. Role-based Authorization Strategy Plugin 3.1 properly invalidates the cache on configuration changes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:role-strategy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12"
            },
            {
              "fixed": "3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-21T02:15:49Z",
    "nvd_published_at": "2020-10-08T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being granted long after the configuration was changed to no longer grant them. Role-based Authorization Strategy Plugin 3.1 properly invalidates the cache on configuration changes.",
  "id": "GHSA-25g4-p347-x748",
  "modified": "2023-10-27T11:34:02Z",
  "published": "2022-05-24T17:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2286"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1767"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin"
}

GHSA-25JX-22X6-2CX2

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2025-07-07 18:32
VLAI
Details

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40843"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator\u0027s user account.",
  "id": "GHSA-25jx-22x6-2cx2",
  "modified": "2025-07-07T18:32:11Z",
  "published": "2022-11-15T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40843"
    },
    {
      "type": "WEB",
      "url": "https://boschko.ca/tenda_ac1200_router"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25PW-4H6W-QWVM

Vulnerability from github – Published: 2026-03-03 22:54 – Updated: 2026-03-30 13:47
VLAI
Summary
OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback
Details

Summary

In openclaw@2026.2.25, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist.

A sender that was only DM-paired (not explicitly present in groupAllowFrom) could pass group sender checks for message and reaction ingress.

Per OpenClaw's SECURITY.md trust model, this is a constrained authorization-consistency issue, not a multi-tenant boundary bypass or host-privilege escalation.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version at triage time: 2026.2.25
  • Affected versions: <= 2026.2.25
  • Patched versions: >= 2026.2.26 (planned next release)

Technical Details

Root cause was DM/group allowlist composition where DM pairing-store identities could flow into group authorization decisions.

Fix approach: - centralize DM/group authorization composition via shared resolvers - remove local DM/group list recomposition at channel callsites - add cross-channel regression coverage for message + reaction ingress - add CI guard to block future pairing-store leakage into group auth composition

Impact

  • Affects deployments using BlueBubbles with groupPolicy=allowlist and dmPolicy=pairing when pairing-store entries are present.
  • Could allow DM-authorized identities to be treated as group-authorized without explicit groupAllowFrom membership.
  • Does not bypass gateway auth, sandbox boundaries, or create new host-level privilege beyond existing DM authorization.

Fix Commit(s)

  • 051fdcc428129446e7c084260f837b7284279ce9

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.26) so once npm 2026.2.26 is published, this advisory can be published without further content edits.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.25"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T22:54:46Z",
    "nvd_published_at": "2026-03-19T22:16:33Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nIn `openclaw@2026.2.25`, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when `dmPolicy=pairing` and `groupPolicy=allowlist`.\n\nA sender that was only DM-paired (not explicitly present in `groupAllowFrom`) could pass group sender checks for message and reaction ingress.\n\nPer OpenClaw\u0027s `SECURITY.md` trust model, this is a constrained authorization-consistency issue, not a multi-tenant boundary bypass or host-privilege escalation.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version at triage time: `2026.2.25`\n- Affected versions: `\u003c= 2026.2.25`\n- Patched versions: `\u003e= 2026.2.26` (planned next release)\n\n### Technical Details\nRoot cause was DM/group allowlist composition where DM pairing-store identities could flow into group authorization decisions.\n\nFix approach:\n- centralize DM/group authorization composition via shared resolvers\n- remove local DM/group list recomposition at channel callsites\n- add cross-channel regression coverage for message + reaction ingress\n- add CI guard to block future pairing-store leakage into group auth composition\n\n### Impact\n- Affects deployments using BlueBubbles with `groupPolicy=allowlist` and `dmPolicy=pairing` when pairing-store entries are present.\n- Could allow DM-authorized identities to be treated as group-authorized without explicit `groupAllowFrom` membership.\n- Does **not** bypass gateway auth, sandbox boundaries, or create new host-level privilege beyond existing DM authorization.\n\n### Fix Commit(s)\n- `051fdcc428129446e7c084260f837b7284279ce9`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm `2026.2.26` is published, this advisory can be published without further content edits.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-25pw-4h6w-qwvm",
  "modified": "2026-03-30T13:47:34Z",
  "published": "2026-03-03T22:54:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25pw-4h6w-qwvm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32006"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-fallback-in-group-allowlist"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback"
}

GHSA-25VQ-XHX7-64Q5

Vulnerability from github – Published: 2025-11-01 06:30 – Updated: 2025-11-01 06:30
VLAI
Details

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-01T06:15:40Z",
    "severity": "MODERATE"
  },
  "details": "The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.",
  "id": "GHSA-25vq-xhx7-64q5",
  "modified": "2025-11-01T06:30:36Z",
  "published": "2025-11-01T06:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12038"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3384176/folderly/trunk/includes/Rest#file0"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81d43850-c6aa-4340-a0e0-41e04e958848?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25X7-989G-366H

Vulnerability from github – Published: 2023-06-21 21:30 – Updated: 2024-04-04 04:59
VLAI
Details

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-268",
      "CWE-269",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-21T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.",
  "id": "GHSA-25x7-989g-366h",
  "modified": "2024-04-04T04:59:31Z",
  "published": "2023-06-21T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0971"
    },
    {
      "type": "WEB",
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2623-9JVF-X9V2

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-10-07 18:16
VLAI
Details

An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-12T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.",
  "id": "GHSA-2623-9jvf-x9v2",
  "modified": "2022-10-07T18:16:03Z",
  "published": "2022-05-24T17:47:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28872"
    },
    {
      "type": "WEB",
      "url": "https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/48981"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.