CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5562 vulnerabilities reference this CWE, most recent first.
GHSA-R7MM-GRF3-5FJV
Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2024-01-11 19:35Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.7-p4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.4"
},
{
"fixed": "2.4.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3-p3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-34256"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-11T19:35:36Z",
"nvd_published_at": "2022-08-16T21:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user\u0027s data. Exploitation of this issue does not require user interaction.",
"id": "GHSA-r7mm-grf3-5fjv",
"modified": "2024-01-11T19:35:36Z",
"published": "2022-08-17T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34256"
},
{
"type": "WEB",
"url": "https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"
},
{
"type": "WEB",
"url": "https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"
},
{
"type": "WEB",
"url": "https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/magento/apsb22-38.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Magento Improper Authorization vulnerability"
}
GHSA-R7R2-M3VR-C8QC
Vulnerability from github – Published: 2025-05-15 12:30 – Updated: 2025-05-17 14:02Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.6.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.6.0"
},
{
"fixed": "10.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.5.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.11.11"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
},
{
"fixed": "9.11.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250415054241-76ab3867b785"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-3446"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-17T14:02:03Z",
"nvd_published_at": "2025-05-15T11:15:48Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.",
"id": "GHSA-r7r2-m3vr-c8qc",
"modified": "2025-05-17T14:02:03Z",
"published": "2025-05-15T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3446"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Fails to Validate Team Invite Permissions"
}
GHSA-R7RH-G777-G5GX
Vulnerability from github – Published: 2021-10-12 18:49 – Updated: 2021-10-18 14:34Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "silverstripe/graphql"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28661"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-08T21:35:47Z",
"nvd_published_at": "2021-10-07T15:15:00Z",
"severity": "MODERATE"
},
"details": "Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.",
"id": "GHSA-r7rh-g777-g5gx",
"modified": "2021-10-18T14:34:41Z",
"published": "2021-10-12T18:49:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661"
},
{
"type": "WEB",
"url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/silverstripe/silverstripe-graphql"
},
{
"type": "WEB",
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"type": "WEB",
"url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"
},
{
"type": "WEB",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "SilverStripe GraphQL Server permission checker not inherited by query subclass."
}
GHSA-R7RH-JWW5-5FJR
Vulnerability from github – Published: 2024-10-02 21:33 – Updated: 2024-10-09 22:47Impact
We've identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments.
Who is affected?
A Pomerium deployment is susceptible to this issue if all of the following conditions are met: - You have issued a service account access token using Pomerium Zero or Pomerium Enterprise. - The access token has an explicit expiration date in the future. - The core Pomerium databroker gRPC API is not otherwise secured by network access controls.
If your deployment does not meet all of these conditions, you are not affected by this vulnerability.
Details
The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization.
Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings.
Discovery
This issue was discovered during internal review. At this time we have no evidence to suggest that this vulnerability has been exploited in the wild.
Patches
We have released Pomerium v0.27.1 which includes a fix for the JWT validation logic. All affected users are strongly encouraged to upgrade to this version.
Workarounds
If you cannot upgrade immediately, consider the following mitigations:
-
Network access controls: Restrict access to the Pomerium internal gRPC API by configuring your network firewall or security groups to limit access to trusted sources only. Ensure that the port specified in the
grpc_addresssetting is not exposed to unauthorized networks. -
For Pomerium Zero deployments only: As of Pomerium v0.26.0, you can disable the gRPC API listener by setting
grpc_address: ""in your YAML configuration file. In all-in-one mode, Pomerium does not require the internal gRPC API to be exposed beyond localhost.
For more information
If you have questions or need further assistance:
- Open an issue in the pomerium/pomerium repository.
- Contact us at security@pomerium.com.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pomerium/pomerium"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47616"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-02T21:33:11Z",
"nvd_published_at": "2024-10-02T22:15:03Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWe\u0027ve identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments.\n\n#### Who is affected?\n\nA Pomerium deployment is susceptible to this issue if _all_ of the following conditions are met:\n- You have issued a [service account](https://www.pomerium.com/docs/capabilities/service-accounts) access token using Pomerium Zero or Pomerium Enterprise.\n- The access token has an explicit expiration date in the future.\n- The core Pomerium databroker gRPC API is not otherwise secured by network access controls.\n\nIf your deployment does not meet _all_ of these conditions, you are not affected by this vulnerability.\n\n#### Details\n\nThe Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization.\n\nImproper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings.\n\n#### Discovery\n\nThis issue was discovered during internal review. At this time we have no evidence to suggest that this vulnerability has been exploited in the wild.\n\n### Patches\n\nWe have released [Pomerium v0.27.1](https://github.com/pomerium/pomerium/releases/tag/v0.27.1) which includes a fix for the JWT validation logic. All affected users are strongly encouraged to upgrade to this version.\n\n### Workarounds\n\nIf you cannot upgrade immediately, consider the following mitigations:\n\n- Network access controls: Restrict access to the Pomerium internal gRPC API by configuring your network firewall or security groups to limit access to trusted sources only. Ensure that the port specified in the [`grpc_address`](https://www.pomerium.com/docs/reference/grpc#grpc-address) setting is not exposed to unauthorized networks.\n\n- _For Pomerium Zero deployments only:_ As of Pomerium v0.26.0, you can disable the gRPC API listener by setting `grpc_address: \"\"` in your YAML configuration file. In all-in-one mode, Pomerium does not require the internal gRPC API to be exposed beyond localhost.\n\n### For more information\nIf you have questions or need further assistance:\n\n- Open an issue in the [pomerium/pomerium](https://github.com/pomerium/pomerium/issues) repository.\n- Contact us at [security@pomerium.com](mailto:security@pomerium.com).\n",
"id": "GHSA-r7rh-jww5-5fjr",
"modified": "2024-10-09T22:47:38Z",
"published": "2024-10-02T21:33:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-r7rh-jww5-5fjr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47616"
},
{
"type": "WEB",
"url": "https://github.com/pomerium/pomerium/commit/e018cf0fc0979d2abe25ff705db019feb7523444"
},
{
"type": "PACKAGE",
"url": "https://github.com/pomerium/pomerium"
},
{
"type": "WEB",
"url": "https://github.com/pomerium/pomerium/releases/tag/v0.27.1"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3179"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pomerium service account access token may grant unintended access to databroker API"
}
GHSA-R7RR-GHH8-J4P9
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-09-25 00:00Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
{
"affected": [],
"aliases": [
"CVE-2021-25351"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T17:15:00Z",
"severity": "LOW"
},
"details": "Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.",
"id": "GHSA-r7rr-ghh8-j4p9",
"modified": "2022-09-25T00:00:18Z",
"published": "2022-05-24T17:45:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25351"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R7V3-974M-576M
Vulnerability from github – Published: 2026-01-12 15:30 – Updated: 2026-01-27 21:31Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.
{
"affected": [],
"aliases": [
"CVE-2025-41078"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-12T15:16:03Z",
"severity": "HIGH"
},
"details": "Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.",
"id": "GHSA-r7v3-974m-576m",
"modified": "2026-01-27T21:31:39Z",
"published": "2026-01-12T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41078"
},
{
"type": "WEB",
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R848-G58F-V3HW
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06When styling and rendering an oversized <select> element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.
{
"affected": [],
"aliases": [
"CVE-2021-29961"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-24T14:15:00Z",
"severity": "MODERATE"
},
"details": "When styling and rendering an oversized `\u003cselect\u003e` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox \u003c 89.",
"id": "GHSA-r848-g58f-v3hw",
"modified": "2022-05-24T19:06:09Z",
"published": "2022-05-24T19:06:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29961"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1700235"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-09"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-23"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R849-826X-WGQM
Vulnerability from github – Published: 2026-03-19 03:30 – Updated: 2026-03-20 13:40Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references.
Original Description
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2026.2.26"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T13:40:02Z",
"nvd_published_at": "2026-03-19T02:16:03Z",
"severity": "LOW"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.",
"id": "GHSA-r849-826x-wgqm",
"modified": "2026-03-20T13:40:02Z",
"published": "2026-03-19T03:30:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31991"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/64de4b6d6ae81e269ceb4ca16f53cda99ced967a"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage",
"withdrawn": "2026-03-20T13:40:02Z"
}
GHSA-R855-VCGQ-F3FH
Vulnerability from github – Published: 2026-01-06 18:31 – Updated: 2026-01-06 18:31iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.
{
"affected": [],
"aliases": [
"CVE-2020-36920"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T16:15:48Z",
"severity": "HIGH"
},
"details": "iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.",
"id": "GHSA-r855-vcgq-f3fh",
"modified": "2026-01-06T18:31:34Z",
"published": "2026-01-06T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36920"
},
{
"type": "WEB",
"url": "https://cxsecurity.com/issue/WLB-2020110025"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191260"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/159918"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200919100215/http://www.yerootech.com"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48992"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-privilege-escalation-via-access-control"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5608.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R868-F942-GCW7
Vulnerability from github – Published: 2024-09-27 12:31 – Updated: 2024-09-27 12:31Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2024-9136"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T11:15:13Z",
"severity": "MODERATE"
},
"details": "Access permission verification vulnerability in the App Multiplier module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-r868-f942-gcw7",
"modified": "2024-09-27T12:31:40Z",
"published": "2024-09-27T12:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9136"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.