CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5537 vulnerabilities reference this CWE, most recent first.
GHSA-VWW6-XQPQ-4V62
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side
{
"affected": [],
"aliases": [
"CVE-2021-24379"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-21T20:15:00Z",
"severity": "MODERATE"
},
"details": "The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side",
"id": "GHSA-vww6-xqpq-4v62",
"modified": "2022-05-24T19:05:47Z",
"published": "2022-05-24T19:05:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24379"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/aae7a889-195c-45a3-bbe4-e6d4cd2d7fd9"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VX35-F379-4Q49
Vulnerability from github – Published: 2023-07-10 21:53 – Updated: 2023-07-19 19:29Impact
The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions.
The attacker can view and freely perform actions to add, modify, or delete rules.
Patches
Update to version 3.4.1 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch
Workarounds
Apply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.
References
https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pimcore/customer-management-framework-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-3574"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-10T21:53:52Z",
"nvd_published_at": "2023-07-10T16:15:56Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions.\n\nThe attacker can view and freely perform actions to add, modify, or delete rules.\n\n### Patches\nUpdate to version 3.4.1 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch\n\n### Workarounds\nApply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.\n\n### References\nhttps://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/",
"id": "GHSA-vx35-f379-4q49",
"modified": "2023-07-19T19:29:23Z",
"published": "2023-07-10T21:53:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-vx35-f379-4q49"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3574"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch"
},
{
"type": "PACKAGE",
"url": "https://github.com/pimcore/customer-data-framework"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller"
}
GHSA-VX4H-JX68-6G52
Vulnerability from github – Published: 2023-10-20 09:30 – Updated: 2024-04-04 08:50The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2021-4334"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-20T08:15:11Z",
"severity": "HIGH"
},
"details": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.",
"id": "GHSA-vx4h-jx68-6g52",
"modified": "2024-04-04T08:50:25Z",
"published": "2023-10-20T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4334"
},
{
"type": "WEB",
"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX7X-QWMP-H33C
Vulnerability from github – Published: 2024-09-25 15:31 – Updated: 2024-10-01 18:31Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
{
"affected": [],
"aliases": [
"CVE-2024-6512"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-25T14:15:05Z",
"severity": "MODERATE"
},
"details": "Authorization bypass in the\u00a0PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.",
"id": "GHSA-vx7x-qwmp-h33c",
"modified": "2024-10-01T18:31:17Z",
"published": "2024-09-25T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6512"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2024-0013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VXFQ-2MX9-7884
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.
{
"affected": [],
"aliases": [
"CVE-2022-36564"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-30T21:15:00Z",
"severity": "HIGH"
},
"details": "Incorrect access control in the install directory (C:\\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.",
"id": "GHSA-vxfq-2mx9-7884",
"modified": "2022-09-07T00:01:54Z",
"published": "2022-08-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36564"
},
{
"type": "WEB",
"url": "https://github.com/ycdxsb/Vuln/blob/main/StrawberryPerl-Vuln/StrawberryPerl-Vuln.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXGX-3742-3JJ5
Vulnerability from github – Published: 2024-10-20 06:31 – Updated: 2024-10-20 06:31A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-10173"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-20T05:15:02Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-vxgx-3742-3jj5",
"modified": "2024-10-20T06:31:06Z",
"published": "2024-10-20T06:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10173"
},
{
"type": "WEB",
"url": "https://github.com/didi/DDMQ/issues/37"
},
{
"type": "WEB",
"url": "https://github.com/didi/DDMQ/issues/37#issue-2577905007"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.280957"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.280957"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.421516"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VXHC-C4QM-647P
Vulnerability from github – Published: 2021-08-11 15:18 – Updated: 2021-10-21 13:35In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "dolibarr/dolibarr"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.1"
},
{
"fixed": "14.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25954"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-10T17:28:01Z",
"nvd_published_at": "2021-08-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "In \u201cDolibarr\u201d application, 2.8.1 to 13.0.4 don\u2019t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at \u201c/adherents/note.php?id=1\u201d endpoint.",
"id": "GHSA-vxhc-c4qm-647p",
"modified": "2021-10-21T13:35:03Z",
"published": "2021-08-11T15:18:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25954"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/8cc100012d46282799fb19f735a53b7101569377"
},
{
"type": "PACKAGE",
"url": "https://github.com/Dolibarr/dolibarr"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25954"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Access Control in Dolibarr"
}
GHSA-VXR6-PWVM-CF57
Vulnerability from github – Published: 2022-10-21 19:01 – Updated: 2023-01-25 03:30A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
{
"affected": [],
"aliases": [
"CVE-2022-43400"
],
"database_specific": {
"cwe_ids": [
"CWE-1390",
"CWE-287",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-21T14:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions \u003c V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.",
"id": "GHSA-vxr6-pwvm-cf57",
"modified": "2023-01-25T03:30:32Z",
"published": "2022-10-21T19:01:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43400"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXX6-78XM-PW3X
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.
{
"affected": [],
"aliases": [
"CVE-2021-29642"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-30T19:15:00Z",
"severity": "MODERATE"
},
"details": "GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.",
"id": "GHSA-vxx6-78xm-pw3x",
"modified": "2022-05-24T17:45:53Z",
"published": "2022-05-24T17:45:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29642"
},
{
"type": "WEB",
"url": "https://github.com/lostintangent/gistpad/commit/230b05e8dea8d7ac5aae998bbe0a591d7f081b70"
},
{
"type": "WEB",
"url": "https://vuln.ryotak.me/advisories/7"
},
{
"type": "WEB",
"url": "https://vuln.ryotak.me/advisories/7.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VXXJ-78QM-2X3M
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
{
"affected": [],
"aliases": [
"CVE-2019-0552"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-08T21:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege exists in Windows COM Desktop Broker, aka \"Windows COM Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.",
"id": "GHSA-vxxj-78qm-2x3m",
"modified": "2022-05-13T01:21:16Z",
"published": "2022-05-13T01:21:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0552"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0552"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46162"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.