Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5561 vulnerabilities reference this CWE, most recent first.

GHSA-28HP-2GV6-GJP8

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2025-12-18 00:34
VLAI
Details

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-10T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
  "id": "GHSA-28hp-2gv6-gjp8",
  "modified": "2025-12-18T00:34:04Z",
  "published": "2022-05-13T01:19:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3702"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201903-16"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-53"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190215-0001"
    },
    {
      "type": "WEB",
      "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3885-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4387"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-28MP-CX45-6MWQ

Vulnerability from github – Published: 2022-03-08 00:00 – Updated: 2022-03-17 00:03
VLAI
Details

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-07T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved",
  "id": "GHSA-28mp-cx45-6mwq",
  "modified": "2022-03-17T00:03:06Z",
  "published": "2022-03-08T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24824"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2935-F8MX-XC5W

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-27 12:00
VLAI
Details

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.",
  "id": "GHSA-2935-f8mx-xc5w",
  "modified": "2022-10-27T12:00:26Z",
  "published": "2022-05-24T19:07:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34626"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34626"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-297F-R9W7-W492

Vulnerability from github – Published: 2022-10-20 19:00 – Updated: 2024-04-23 17:24
VLAI
Summary
Magento Improper input validation vulnerability
Details

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privilege escalation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.7-p4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3-p3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.4"
            },
            {
              "fixed": "2.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.4"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-42344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-639",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T17:24:33Z",
    "nvd_published_at": "2022-10-20T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.",
  "id": "GHSA-297f-r9w7-w492",
  "modified": "2024-04-23T17:24:33Z",
  "published": "2022-10-20T19:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42344"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento Improper input validation vulnerability"
}

GHSA-299Q-3P96-5898

Vulnerability from github – Published: 2024-05-07 15:30 – Updated: 2024-05-08 14:01
VLAI
Summary
Apache Superset Incorrect Authorization vulnerability
Details

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2.

Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-07T16:53:40Z",
    "nvd_published_at": "2024-05-07T14:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.\n\n",
  "id": "GHSA-299q-3p96-5898",
  "modified": "2024-05-08T14:01:40Z",
  "published": "2024-05-07T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28148"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/superset"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Superset Incorrect Authorization vulnerability"
}

GHSA-29G7-9VCG-G9RM

Vulnerability from github – Published: 2023-11-20 09:30 – Updated: 2024-10-02 06:30
VLAI
Details

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-20T08:15:44Z",
    "severity": "MODERATE"
  },
  "details": "Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker  to change the passwords of other non-admin users and thus to escalate non-root privileges.",
  "id": "GHSA-29g7-9vcg-g9rm",
  "modified": "2024-10-02T06:30:26Z",
  "published": "2023-11-20T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3379"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2023-015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29H6-3FPG-R7JH

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-07-13 00:00
VLAI
Details

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-19154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the \u0027FileManager.editFile()\u0027 function in the component \u0027modules/filemanager/FileManagerController.java\u0027.",
  "id": "GHSA-29h6-3fpg-r7jh",
  "modified": "2022-07-13T00:00:44Z",
  "published": "2022-05-24T19:14:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19154"
    },
    {
      "type": "WEB",
      "url": "https://www.seebug.org/vuldb/ssvid-97882"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29MX-8R38-HFXQ

Vulnerability from github – Published: 2023-07-31 15:30 – Updated: 2024-03-21 03:35
VLAI
Details

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-31T14:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-29mx-8r38-hfxq",
  "modified": "2024-03-21T03:35:36Z",
  "published": "2023-07-31T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36092"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29VR-79W7-P649

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2023-07-31 20:36
VLAI
Summary
Duplicate Advisory: Incorrect Authorization in Gerapy
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9w7f-m4j4-j3xw. This link is maintained to preserve external references.

Original Description

An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "gerapy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-44597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-28T14:23:45Z",
    "nvd_published_at": "2022-03-10T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9w7f-m4j4-j3xw. This link is maintained to preserve external references.\n\n## Original Description\nAn Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.",
  "id": "GHSA-29vr-79w7-p649",
  "modified": "2023-07-31T20:36:31Z",
  "published": "2022-03-11T00:02:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44597"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gerapy/Gerapy/issues/219"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gerapy/Gerapy/commit/49bcb19be5e0320e7e1535f34fe00f16a3cf3b28"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Gerapy/Gerapy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gerapy/Gerapy/releases/tag/v0.9.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/gerapy/PYSEC-2022-228.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Incorrect Authorization in Gerapy",
  "withdrawn": "2023-07-31T20:36:31Z"
}

GHSA-2C59-QQ5M-3QF7

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17067"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-30T02:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.",
  "id": "GHSA-2c59-qq5m-3qf7",
  "modified": "2022-05-13T01:44:15Z",
  "published": "2022-05-13T01:44:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17067"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/view/SP-CAAAP3K"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.