CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5562 vulnerabilities reference this CWE, most recent first.
GHSA-24HM-FC95-562H
Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
{
"affected": [],
"aliases": [
"CVE-2026-47998"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T20:17:05Z",
"severity": "MODERATE"
},
"details": "Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker\u0027s control. Exploitation of this issue does not require user interaction.",
"id": "GHSA-24hm-fc95-562h",
"modified": "2026-07-14T21:32:18Z",
"published": "2026-07-14T21:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47998"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/magento/apsb26-73.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24JQ-H48J-G592
Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2024-01-21 03:30The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
{
"affected": [],
"aliases": [
"CVE-2008-4577"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-10-15T20:08:00Z",
"severity": "MODERATE"
},
"details": "The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.",
"id": "GHSA-24jq-h48j-g592",
"modified": "2024-01-21T03:30:23Z",
"published": "2022-05-02T00:11:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4577"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html"
},
{
"type": "WEB",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=240409"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32164"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32471"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/33149"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/33624"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36904"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200812-16.xml"
},
{
"type": "WEB",
"url": "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0205.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31587"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-838-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2745"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24QP-4XX8-3JVJ
Vulnerability from github – Published: 2025-03-24 19:05 – Updated: 2025-03-24 21:47Impact
For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces
Egress traffic from workloads covered by such network policies to LoadBalancers configured by Gateway resources will incorrectly be allowed.
LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue.
Patches
This issue was fixed by https://github.com/cilium/proxy/pull/1172.
This issue affects:
- Cilium v1.15 between v1.15.0 and v1.15.14 inclusive
- Cilium v1.16 between v1.16.0 and v1.16.7 inclusive
- Cilium v1.17 between v1.17.0 and v1.17.1 inclusive
This issue is fixed in:
- Cilium v1.15.15
- Cilium v1.16.8
- Cilium v1.17.2
Workarounds
A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade. An outline of such a policy is provided below:
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
name: "workaround"
spec:
endpointSelector:
matchExpressions:
- key: reserved:ingress
operator: Exists
ingress:
- fromEntities:
- world
- The policy opens up connectivity from all locations outside the cluster into the Cilium Ingress Gateway.
- The policy establishes a default deny for all other traffic towards the Cilium Ingress Gateway, including all in-cluster sources.
- It is possible to tailor the policy to more narrowly allow inbound traffic while creating a default deny posture for traffic between namespaces. Users should edit the policy to bring it in line with the security requirements particular to their environments.
Acknowledgements
The Cilium community has worked together with members of the Isovalent team to prepare these mitigations. Special thanks to @jrajahalme for the fix.
For more information
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-30162"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-24T19:05:04Z",
"nvd_published_at": "2025-03-24T19:15:52Z",
"severity": "LOW"
},
"details": "### Impact\n\nFor Cilium users who:\n- Use Gateway API for Ingress for some services **AND**\n- Use [LB-IPAM](https://docs.cilium.io/en/stable/network/lb-ipam/) or BGP for LB Service implementation **AND**\n- Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces\n\nEgress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed.\n\nLoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue.\n\n### Patches\n\nThis issue was fixed by https://github.com/cilium/proxy/pull/1172.\n\nThis issue affects:\n\n- Cilium v1.15 between v1.15.0 and v1.15.14 inclusive\n- Cilium v1.16 between v1.16.0 and v1.16.7 inclusive\n- Cilium v1.17 between v1.17.0 and v1.17.1 inclusive\n\nThis issue is fixed in:\n\n- Cilium v1.15.15\n- Cilium v1.16.8\n- Cilium v1.17.2\n\n### Workarounds\n\nA Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade. An outline of such a policy is provided below:\n\n```\napiVersion: \"cilium.io/v2\"\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n name: \"workaround\"\nspec:\n endpointSelector:\n matchExpressions:\n - key: reserved:ingress\n operator: Exists\n ingress:\n - fromEntities:\n - world\n```\n\n- The policy opens up connectivity from all locations outside the cluster into the Cilium Ingress Gateway.\n- The policy establishes a default deny for all other traffic towards the Cilium Ingress Gateway, including all in-cluster sources.\n- It is possible to tailor the policy to more narrowly allow inbound traffic while creating a default deny posture for traffic between namespaces. Users should edit the policy to bring it in line with the security requirements particular to their environments.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of the Isovalent team to prepare these mitigations. Special thanks to @jrajahalme for the fix.\n\n### For more information\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated as top priority.",
"id": "GHSA-24qp-4xx8-3jvj",
"modified": "2025-03-24T21:47:14Z",
"published": "2025-03-24T19:05:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-24qp-4xx8-3jvj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30162"
},
{
"type": "WEB",
"url": "https://github.com/cilium/proxy/pull/1172"
},
{
"type": "WEB",
"url": "https://docs.cilium.io/en/stable/network/lb-ipam"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers"
}
GHSA-254H-GVGQ-X2XG
Vulnerability from github – Published: 2024-09-12 18:31 – Updated: 2024-09-12 18:31An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
{
"affected": [],
"aliases": [
"CVE-2024-2743"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T17:15:04Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.",
"id": "GHSA-254h-gvgq-x2xg",
"modified": "2024-09-12T18:31:41Z",
"published": "2024-09-12T18:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2743"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2411756"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-25G4-P347-X748
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-10-27 11:34Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being granted long after the configuration was changed to no longer grant them. Role-based Authorization Strategy Plugin 3.1 properly invalidates the cache on configuration changes.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:role-strategy"
},
"ranges": [
{
"events": [
{
"introduced": "2.12"
},
{
"fixed": "3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-2286"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-21T02:15:49Z",
"nvd_published_at": "2020-10-08T13:15:00Z",
"severity": "HIGH"
},
"details": "Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. Role-based Authorization Strategy Plugin 3.0 and earlier this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being granted long after the configuration was changed to no longer grant them. Role-based Authorization Strategy Plugin 3.1 properly invalidates the cache on configuration changes.",
"id": "GHSA-25g4-p347-x748",
"modified": "2023-10-27T11:34:02Z",
"published": "2022-05-24T17:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2286"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1767"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin"
}
GHSA-25JX-22X6-2CX2
Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2025-07-07 18:32The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.
{
"affected": [],
"aliases": [
"CVE-2022-40843"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T02:15:00Z",
"severity": "MODERATE"
},
"details": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator\u0027s user account.",
"id": "GHSA-25jx-22x6-2cx2",
"modified": "2025-07-07T18:32:11Z",
"published": "2022-11-15T12:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40843"
},
{
"type": "WEB",
"url": "https://boschko.ca/tenda_ac1200_router"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-25PW-4H6W-QWVM
Vulnerability from github – Published: 2026-03-03 22:54 – Updated: 2026-03-30 13:47Summary
In openclaw@2026.2.25, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist.
A sender that was only DM-paired (not explicitly present in groupAllowFrom) could pass group sender checks for message and reaction ingress.
Per OpenClaw's SECURITY.md trust model, this is a constrained authorization-consistency issue, not a multi-tenant boundary bypass or host-privilege escalation.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version at triage time:
2026.2.25 - Affected versions:
<= 2026.2.25 - Patched versions:
>= 2026.2.26(planned next release)
Technical Details
Root cause was DM/group allowlist composition where DM pairing-store identities could flow into group authorization decisions.
Fix approach: - centralize DM/group authorization composition via shared resolvers - remove local DM/group list recomposition at channel callsites - add cross-channel regression coverage for message + reaction ingress - add CI guard to block future pairing-store leakage into group auth composition
Impact
- Affects deployments using BlueBubbles with
groupPolicy=allowlistanddmPolicy=pairingwhen pairing-store entries are present. - Could allow DM-authorized identities to be treated as group-authorized without explicit
groupAllowFrommembership. - Does not bypass gateway auth, sandbox boundaries, or create new host-level privilege beyond existing DM authorization.
Fix Commit(s)
051fdcc428129446e7c084260f837b7284279ce9
Release Process Note
patched_versions is pre-set to the planned next release (2026.2.26) so once npm 2026.2.26 is published, this advisory can be published without further content edits.
OpenClaw thanks @tdjackey for reporting.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.2.25"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32006"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T22:54:46Z",
"nvd_published_at": "2026-03-19T22:16:33Z",
"severity": "MODERATE"
},
"details": "### Summary\nIn `openclaw@2026.2.25`, BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when `dmPolicy=pairing` and `groupPolicy=allowlist`.\n\nA sender that was only DM-paired (not explicitly present in `groupAllowFrom`) could pass group sender checks for message and reaction ingress.\n\nPer OpenClaw\u0027s `SECURITY.md` trust model, this is a constrained authorization-consistency issue, not a multi-tenant boundary bypass or host-privilege escalation.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version at triage time: `2026.2.25`\n- Affected versions: `\u003c= 2026.2.25`\n- Patched versions: `\u003e= 2026.2.26` (planned next release)\n\n### Technical Details\nRoot cause was DM/group allowlist composition where DM pairing-store identities could flow into group authorization decisions.\n\nFix approach:\n- centralize DM/group authorization composition via shared resolvers\n- remove local DM/group list recomposition at channel callsites\n- add cross-channel regression coverage for message + reaction ingress\n- add CI guard to block future pairing-store leakage into group auth composition\n\n### Impact\n- Affects deployments using BlueBubbles with `groupPolicy=allowlist` and `dmPolicy=pairing` when pairing-store entries are present.\n- Could allow DM-authorized identities to be treated as group-authorized without explicit `groupAllowFrom` membership.\n- Does **not** bypass gateway auth, sandbox boundaries, or create new host-level privilege beyond existing DM authorization.\n\n### Fix Commit(s)\n- `051fdcc428129446e7c084260f837b7284279ce9`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm `2026.2.26` is published, this advisory can be published without further content edits.\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-25pw-4h6w-qwvm",
"modified": "2026-03-30T13:47:34Z",
"published": "2026-03-03T22:54:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25pw-4h6w-qwvm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32006"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/051fdcc428129446e7c084260f837b7284279ce9"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/1aadf26f9acc399affabd859937a09468a9c5cb4"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-fallback-in-group-allowlist"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback"
}
GHSA-25VQ-XHX7-64Q5
Vulnerability from github – Published: 2025-11-01 06:30 – Updated: 2025-11-01 06:30The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.
{
"affected": [],
"aliases": [
"CVE-2025-12038"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-01T06:15:40Z",
"severity": "MODERATE"
},
"details": "The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with Author-level access and above, to clear all data like terms and categories.",
"id": "GHSA-25vq-xhx7-64q5",
"modified": "2025-11-01T06:30:36Z",
"published": "2025-11-01T06:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12038"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3384176/folderly/trunk/includes/Rest#file0"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81d43850-c6aa-4340-a0e0-41e04e958848?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-25X7-989G-366H
Vulnerability from github – Published: 2023-06-21 21:30 – Updated: 2024-04-04 04:59A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
{
"affected": [],
"aliases": [
"CVE-2023-0971"
],
"database_specific": {
"cwe_ids": [
"CWE-268",
"CWE-269",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-21T20:15:09Z",
"severity": "HIGH"
},
"details": "A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.",
"id": "GHSA-25x7-989g-366h",
"modified": "2024-04-04T04:59:31Z",
"published": "2023-06-21T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0971"
},
{
"type": "WEB",
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2623-9JVF-X9V2
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-10-07 18:16An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
{
"affected": [],
"aliases": [
"CVE-2020-28872"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-12T14:15:00Z",
"severity": "CRITICAL"
},
"details": "An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.",
"id": "GHSA-2623-9jvf-x9v2",
"modified": "2022-10-07T18:16:03Z",
"published": "2022-05-24T17:47:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28872"
},
{
"type": "WEB",
"url": "https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48981"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.