CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5504 vulnerabilities reference this CWE, most recent first.
GHSA-WW6F-VP8M-358F
Vulnerability from github – Published: 2021-12-01 00:00 – Updated: 2022-07-13 00:01Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-43771"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-30T12:15:00Z",
"severity": "HIGH"
},
"details": "Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-ww6f-vp8m-358f",
"modified": "2022-07-13T00:01:48Z",
"published": "2021-12-01T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43771"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10832"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WW8Q-926Q-45P7
Vulnerability from github – Published: 2025-10-06 21:30 – Updated: 2025-11-26 18:31The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.
{
"affected": [],
"aliases": [
"CVE-2025-59451"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T20:15:36Z",
"severity": "LOW"
},
"details": "The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.",
"id": "GHSA-ww8q-926q-45p7",
"modified": "2025-11-26T18:31:03Z",
"published": "2025-10-06T21:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59451"
},
{
"type": "WEB",
"url": "https://bishopfox.com/blog/advisories"
},
{
"type": "WEB",
"url": "https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home"
},
{
"type": "WEB",
"url": "https://shop.yosmart.com/pages/product-support"
},
{
"type": "WEB",
"url": "https://shop.yosmart.com/pages/sa-2025-001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WW8W-98RF-98PG
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.
{
"affected": [],
"aliases": [
"CVE-2021-21725"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-05T17:15:00Z",
"severity": "MODERATE"
},
"details": "A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.",
"id": "GHSA-ww8w-98rf-98pg",
"modified": "2022-05-24T17:43:45Z",
"published": "2022-05-24T17:43:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21725"
},
{
"type": "WEB",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014624"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WW95-GF5V-MGRR
Vulnerability from github – Published: 2026-06-11 00:32 – Updated: 2026-07-14 15:32A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).
Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2026-0272"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T22:16:54Z",
"severity": "MODERATE"
},
"details": "A privilege escalation vulnerability in Palo Alto Networks PAN-OS\u00ae software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.",
"id": "GHSA-ww95-gf5v-mgrr",
"modified": "2026-07-14T15:32:00Z",
"published": "2026-06-11T00:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0272"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-104023.html"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0272"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-WWGF-8WGF-PM54
Vulnerability from github – Published: 2024-02-29 03:33 – Updated: 2024-02-29 03:33A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
{
"affected": [],
"aliases": [
"CVE-2024-20291"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T01:43:59Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.\n\n This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.",
"id": "GHSA-wwgf-8wgf-pm54",
"modified": "2024-02-29T03:33:17Z",
"published": "2024-02-29T03:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20291"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WWGJ-PF6C-P6HC
Vulnerability from github – Published: 2021-12-17 00:00 – Updated: 2021-12-23 00:01An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.
{
"affected": [],
"aliases": [
"CVE-2021-45102"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-16T05:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.",
"id": "GHSA-wwgj-pf6c-p6hc",
"modified": "2021-12-23T00:01:56Z",
"published": "2021-12-17T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45102"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WWH8-V3J3-GXFW
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2024-01-10 19:29The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "woocommerce/woocommerce"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-29156"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-10T19:29:47Z",
"nvd_published_at": "2020-12-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the `order_id` parameter in a `fetch_order_status` action.",
"id": "GHSA-wwh8-v3j3-gxfw",
"modified": "2024-01-10T19:29:47Z",
"published": "2022-05-24T17:37:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29156"
},
{
"type": "WEB",
"url": "https://github.com/Ko-kn3t/CVE-2020-29156"
},
{
"type": "PACKAGE",
"url": "https://github.com/woocommerce/woocommerce"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "WooCommerce Incorrect Authorization"
}
GHSA-WWHJ-PW6H-F8HW
Vulnerability from github – Published: 2025-04-14 15:31 – Updated: 2025-04-23 15:10Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
},
{
"fixed": "9.11.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250213231113-68c11e9ecb71"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-2424"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-14T21:55:16Z",
"nvd_published_at": "2025-04-14T15:15:24Z",
"severity": "LOW"
},
"details": "Mattermost versions 10.5.x \u003c= 10.5.1, 9.11.x \u003c= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.",
"id": "GHSA-wwhj-pw6h-f8hw",
"modified": "2025-04-23T15:10:31Z",
"published": "2025-04-14T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2424"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/68c11e9ecb7129f7d3e0e67277f0a5924a8cbe06"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3611"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Incorrect Authorization vulnerability"
}
GHSA-WWW6-QMFJ-V924
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-12-22 15:30OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added 'supervised' users. This breaks the authorization model and filters the content of other users' tickets.This issue affects OpenSupports: 4.11.0.
{
"affected": [],
"aliases": [
"CVE-2025-10696"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T21:15:33Z",
"severity": "HIGH"
},
"details": "OpenSupports exposes an endpoint that allows the list of \u0027supervised users\u0027 for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added \u0027supervised\u0027 users. This breaks the authorization model and filters the content of other users\u0027 tickets.This issue affects OpenSupports: 4.11.0.",
"id": "GHSA-www6-qmfj-v924",
"modified": "2025-12-22T15:30:21Z",
"published": "2025-10-03T21:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10696"
},
{
"type": "WEB",
"url": "https://fluidattacks.com/advisories/stratovarius"
},
{
"type": "WEB",
"url": "https://github.com/opensupports/opensupports"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WX33-6V5H-Q453
Vulnerability from github – Published: 2022-05-18 00:00 – Updated: 2022-05-27 00:01This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
{
"affected": [],
"aliases": [
"CVE-2021-35249"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-17T20:15:00Z",
"severity": "MODERATE"
},
"details": "This broken access control vulnerability pertains specifically to a domain admin who can access configuration \u0026 user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.",
"id": "GHSA-wx33-6v5h-q453",
"modified": "2022-05-27T00:01:32Z",
"published": "2022-05-18T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35249"
},
{
"type": "WEB",
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.