Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5556 vulnerabilities reference this CWE, most recent first.

GHSA-2C99-9FV7-72HJ

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-08T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.",
  "id": "GHSA-2c99-9fv7-72hj",
  "modified": "2022-05-13T01:38:26Z",
  "published": "2022-05-13T01:38:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0894"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/218876"
    },
    {
      "type": "WEB",
      "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CC9-295V-25M8

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-25012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-01T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal\u0027s security advisory policy.",
  "id": "GHSA-2cc9-295v-25m8",
  "modified": "2022-05-24T17:37:34Z",
  "published": "2022-05-24T17:37:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25012"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/project/webform_report/issues/3101410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2CF2-4MQR-V9RJ

Vulnerability from github – Published: 2025-04-25 06:30 – Updated: 2025-04-25 06:30
VLAI
Details

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-25T06:15:45Z",
    "severity": "MODERATE"
  },
  "details": "The Prevent Direct Access \u2013 Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the \u0027pda_lite_custom_permission_check\u0027 function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.",
  "id": "GHSA-2cf2-4mqr-v9rj",
  "modified": "2025-04-25T06:30:56Z",
  "published": "2025-04-25T06:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3861"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/prevent-direct-access/tags/2.8.8.2/includes/pda_lite_api.php#L71"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3279923"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed83916-3cf7-4fc6-a16f-45b40cedc721?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CF7-HPWF-47H9

Vulnerability from github – Published: 2026-07-14 20:26 – Updated: 2026-07-14 20:26
VLAI
Summary
n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
Details

Summary

In multi-tenant HTTP mode (ENABLE_MULTI_TENANT=true), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope workflow_versions backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability.

Impact

An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope — for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected.

Affected versions

<= 2.57.3

Patched version

2.57.4

Remediation

Upgrade to n8n-mcp 2.57.4 or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant.

Workarounds

  • Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it.
  • Run in stdio mode, which has no multi-tenant HTTP surface.
  • If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure.

Credit

Reported by @DavidCarliez.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.57.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "n8n-mcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.57.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-14T20:26:39Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIn multi-tenant HTTP mode (`ENABLE_MULTI_TENANT=true`), an authenticated tenant could, under certain conditions, reach n8n-mcp\u0027s local default-scope `workflow_versions` backups instead of being confined to its own tenant scope. This affects n8n-mcp\u0027s own local workflow-version storage, not a normal n8n API capability.\n\n## Impact\n\nAn authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope \u2014 for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected.\n\n## Affected versions\n\n`\u003c= 2.57.3`\n\n## Patched version\n\n`2.57.4`\n\n## Remediation\n\nUpgrade to n8n-mcp `2.57.4` or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant.\n\n## Workarounds\n\n- Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it.\n- Run in stdio mode, which has no multi-tenant HTTP surface.\n- If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure.\n\n## Credit\n\nReported by @DavidCarliez.",
  "id": "GHSA-2cf7-hpwf-47h9",
  "modified": "2026-07-14T20:26:39Z",
  "published": "2026-07-14T20:26:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-2cf7-hpwf-47h9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/commit/c1ca1e73697feaec5ec2a5fb7e6992a2892b62c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/czlonkowski/n8n-mcp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.57.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode"
}

GHSA-2CG5-9VJW-W6VG

Vulnerability from github – Published: 2025-03-06 15:34 – Updated: 2025-03-06 15:34
VLAI
Details

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T13:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1  allow users with limited permissions to access to potentially sensitive project analytics data.",
  "id": "GHSA-2cg5-9vjw-w6vg",
  "modified": "2025-03-06T15:34:46Z",
  "published": "2025-03-06T15:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2045"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2921111"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CPH-RVMJ-CX7R

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-06-04 00:00
VLAI
Details

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-06T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).",
  "id": "GHSA-2cph-rvmj-cx7r",
  "modified": "2022-06-04T00:00:41Z",
  "published": "2022-05-24T19:01:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32062"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5"
    },
    {
      "type": "WEB",
      "url": "https://mapserver.org/development/changelog/changelog-7-0.html"
    },
    {
      "type": "WEB",
      "url": "https://mapserver.org/development/changelog/changelog-7-2.html"
    },
    {
      "type": "WEB",
      "url": "https://mapserver.org/development/changelog/changelog-7-4.html"
    },
    {
      "type": "WEB",
      "url": "https://mapserver.org/development/changelog/changelog-7-6.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CQ5-MF3V-MX44

Vulnerability from github – Published: 2026-04-17 22:16 – Updated: 2026-05-08 01:32
VLAI
Summary
OpenClaw: busybox and toybox applet execution weakened exec approval binding
Details

Summary

busybox and toybox applet execution weakened exec approval binding.

Affected Packages / Versions

  • Package: openclaw
  • Ecosystem: npm
  • Affected versions: >= 2026.2.23 < 2026.4.12
  • Patched versions: >= 2026.4.12

Impact

Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavior would actually run, weakening exec approval binding and risk classification.

Technical Details

The fix treats busybox and toybox as opaque mutable script runners and fails closed rather than binding unsafe applet invocations.

Fix

The issue was fixed in #65713. The first stable tag containing the fix is v2026.4.12, and openclaw@2026.4.14 includes the fix.

Fix Commit(s)

  • 666f48d9b882a8a1415ca53f9567c72499d850c9
  • PR: #65713

Release Process Note

Users should upgrade to openclaw 2026.4.12 or newer. The latest npm release, 2026.4.14, already includes the fix.

Credits

Thanks to @decsecre583 for reporting this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2026.2.23"
            },
            {
              "fixed": "2026.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43530"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-17T22:16:04Z",
    "nvd_published_at": "2026-05-05T12:16:19Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nbusybox and toybox applet execution weakened exec approval binding.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003e= 2026.2.23 \u003c 2026.4.12`\n- Patched versions: `\u003e= 2026.4.12`\n\n## Impact\n\nOpaque multi-call binaries such as `busybox` and `toybox` could obscure which applet or script-like behavior would actually run, weakening exec approval binding and risk classification.\n\n## Technical Details\n\nThe fix treats `busybox` and `toybox` as opaque mutable script runners and fails closed rather than binding unsafe applet invocations.\n\n## Fix\n\nThe issue was fixed in #65713. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `666f48d9b882a8a1415ca53f9567c72499d850c9`\n- PR: #65713\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @decsecre583 for reporting this issue.",
  "id": "GHSA-2cq5-mf3v-mx44",
  "modified": "2026-05-08T01:32:55Z",
  "published": "2026-04-17T22:16:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/65713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: busybox and toybox applet execution weakened exec approval binding"
}

GHSA-2CQW-CP62-6FRC

Vulnerability from github – Published: 2022-09-21 00:00 – Updated: 2022-09-23 00:00
VLAI
Details

This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-20T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.",
  "id": "GHSA-2cqw-cp62-6frc",
  "modified": "2022-09-23T00:00:31Z",
  "published": "2022-09-21T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32854"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213443"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213446"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213486"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/45"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CRH-R3WQ-QG9G

Vulnerability from github – Published: 2022-06-21 00:00 – Updated: 2022-06-28 00:00
VLAI
Details

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33913"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-20T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.",
  "id": "GHSA-2crh-r3wq-qg9g",
  "modified": "2022-06-28T00:00:47Z",
  "published": "2022-06-21T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33913"
    },
    {
      "type": "WEB",
      "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CV2-PMJ7-QMCG

Vulnerability from github – Published: 2025-07-15 21:31 – Updated: 2025-07-15 21:31
VLAI
Details

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-15T20:15:28Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).  Supported versions that are affected are 8.60, 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
  "id": "GHSA-2cv2-pmj7-qmcg",
  "modified": "2025-07-15T21:31:39Z",
  "published": "2025-07-15T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30747"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.