Common Weakness Enumeration

CWE-306

Allowed

Missing Authentication for Critical Function

Abstraction: Base · Status: Draft

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

3467 vulnerabilities reference this CWE, most recent first.

GHSA-JW2M-W7C2-H66C

Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-10 00:00
VLAI
Details

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-28T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.",
  "id": "GHSA-jw2m-w7c2-h66c",
  "modified": "2022-05-10T00:00:37Z",
  "published": "2022-04-29T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28719"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.hammock.jp/assetview/info/220422.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JW3G-MPQ9-R6JR

Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-09 00:00
VLAI
Details

An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-01T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.",
  "id": "GHSA-jw3g-mpq9-r6jr",
  "modified": "2022-09-09T00:00:56Z",
  "published": "2022-09-02T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36604"
    },
    {
      "type": "WEB",
      "url": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWC3-MM8J-J745

Vulnerability from github – Published: 2024-10-08 09:30 – Updated: 2024-10-08 09:30
VLAI
Details

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T09:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including,  5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.",
  "id": "GHSA-jwc3-mm8j-j745",
  "modified": "2024-10-08T09:30:54Z",
  "published": "2024-10-08T09:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8943"
    },
    {
      "type": "WEB",
      "url": "https://wpdocs.latepoint.com/changelog"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWHP-365F-27VV

Vulnerability from github – Published: 2024-01-11 18:31 – Updated: 2024-01-18 18:30
VLAI
Details

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-11T16:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords.",
  "id": "GHSA-jwhp-365f-27vv",
  "modified": "2024-01-18T18:30:24Z",
  "published": "2024-01-11T18:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/funny-mud-peee/IoT-vuls/tree/main/dir822%2B/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWJW-4HRM-4CGG

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:08
VLAI
Details

Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-01T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.",
  "id": "GHSA-jwjw-4hrm-4cgg",
  "modified": "2024-04-04T01:08:30Z",
  "published": "2022-05-24T16:49:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13131"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/47030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWP2-VRQG-4F49

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:14Z",
    "severity": "HIGH"
  },
  "details": "Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-jwp2-vrqg-4f49",
  "modified": "2026-03-10T18:31:19Z",
  "published": "2026-03-10T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23662"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JX7X-FXC9-2WXV

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-01-16 21:30
VLAI
Details

Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T17:15:48Z",
    "severity": "MODERATE"
  },
  "details": "Denial of Service Vulnerability in NETGEAR\u202fC6220\u202fand\u202fC6230\u202f(DOCSIS\u00ae 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.",
  "id": "GHSA-jx7x-fxc9-2wxv",
  "modified": "2026-01-16T21:30:30Z",
  "published": "2025-12-09T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12941"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/c6220"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/c6230"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JXCW-QP4H-6JFQ

Vulnerability from github – Published: 2026-06-18 14:27 – Updated: 2026-06-18 14:27
VLAI
Summary
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
Details

Summary

The published A2U advisory GHSA-f292-66h9-fpmf says unauthenticated A2U event streaming was fixed in praisonai 4.5.115. Current head still exposes the same A2U subscription and event routes without authentication when the operator starts the documented CLI entrypoint:

praisonai serve a2u --host 0.0.0.0 --port 8002

The current CLI wrapper does not expose --api-key, does not install the common API-key middleware, and does not generate a token for A2U. It calls create_a2u_routes(app) directly. That helper only enforces auth if A2U_AUTH_TOKEN is already present; if the variable is missing, _authenticate_request() returns None and treats auth as disabled.

This is an incomplete-fix report for the published A2U issue, not a separate trust-model-only concern.

Technical Details

The Typer command for A2U accepts only --host and --port:

src/praisonai/praisonai/cli/commands/serve.py:570-585

It forwards only those values to the shared serve handler:

args = ["a2u", "--host", host, "--port", str(port)]

The serve handler for A2U likewise accepts only host and port, then creates the app:

src/praisonai/praisonai/cli/features/serve.py:802-817

_create_a2u_app() registers A2U routes directly:

src/praisonai/praisonai/cli/features/serve.py:827-853

No call to _install_api_key_middleware(app, ...) is made for the dedicated A2U server, unlike the unified server path.

Inside create_a2u_routes(), auth is opt-in:

src/praisonai/praisonai/endpoints/a2u_server.py:245-253
auth_token = os.environ.get("A2U_AUTH_TOKEN")
if not auth_token:
    # No token configured - auth disabled (development mode)
    return None

The route helper then registers the same sensitive endpoints from the public advisory:

src/praisonai/praisonai/endpoints/a2u_server.py:391-409

Why This Is Not Intended Behavior

The public advisory for GHSA-f292-66h9-fpmf describes unauthenticated /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health as the vulnerability and lists 4.5.115 as patched.

Current documentation also says PraisonAI API servers are now secure by default, bind to 127.0.0.1, and generate a bearer token if no token is provided. The dedicated A2U command does not implement that secure-by-default behavior. It remains unauthenticated unless a different environment variable, A2U_AUTH_TOKEN, was set before startup.

This report does not claim that explicit local-only development mode is always a vulnerability. The issue is the mismatch between the published fixed version / secure-by-default posture and the current A2U CLI behavior, including external binding via --host 0.0.0.0.

PoV

Run:

python3 poc/pov_poc.py \
  --repo /path/to/PraisonAI \
  --json

Observed current-head output:

{
  "no_token": {
    "info_status_no_auth": 200,
    "subscribe_status_no_auth": 200,
    "health_status_no_auth": 200,
    "subscribe_body": {
      "stream_name": "events",
      "stream_url": "http://testserver/a2u/events/sub-d8ee868a5491"
    }
  },
  "with_token": {
    "info_status_no_auth": 401,
    "subscribe_status_no_auth": 401,
    "info_with_token": 200,
    "subscribe_with_token": 200
  },
  "vulnerable_current_default": true
}

The PoV is local-only. It uses a small Starlette response/route shim so it can invoke the registered A2U handlers without starting a network listener or installing dependencies. The control shows that the route-level token check works when A2U_AUTH_TOKEN is configured; the vulnerable behavior is that the current documented CLI path does not require or generate that token.

PoC

The PoV section above contains the local reproduction command, input, and decisive output.

Impact

An attacker who can reach a current A2U server started without A2U_AUTH_TOKEN can subscribe to agent event streams without credentials. The prior public advisory already classifies the exposed data as agent responses, tool calls, thinking/progress events, and stream metadata.

If operators rely on the published fixed version or the secure-by-default serve documentation, they may expose A2U on a network interface believing the unauthenticated stream issue is fixed.

Severity

Suggested severity: High.

Suggested Fix

Recommended:

  1. Make praisonai serve a2u secure by default in the same way as the documented API servers: generate a bearer token when none is configured, print it to stderr, and enforce it on all non-public A2U endpoints.
  2. Add --api-key / --auth-token support to the dedicated A2U command and pass the configured token into create_a2u_routes() or shared middleware.
  3. Fail closed for external binds such as --host 0.0.0.0 unless authentication is enabled.
  4. Require auth on /a2u/health or remove subscription and stream counts from unauthenticated health responses.
  5. Add regression tests for praisonai serve a2u proving unauthenticated /a2u/subscribe returns 401 on current/fixed versions by default.

Affected Package/Versions

  • Repository: MervinPraison/PraisonAI
  • Ecosystem: pip
  • Package: praisonai
  • Component: A2U Agent-to-User event stream server
  • Current checkout validated: 2f9677abb2ea68eab864ee8b6a828fd0141612e1
  • Current checkout tag state: v4.6.57-4-g2f9677ab
  • Public prior advisory: GHSA-f292-66h9-fpmf, fixed range claims praisonai <= 4.5.114

Suggested affected range:

pip:praisonai >= 4.5.115, <= 4.6.58

If maintainers prefer to update the public advisory rather than create a new advisory, the important correction is that the fixed version/range should not mark the current praisonai serve a2u behavior as fixed.

Advisory History

This is intentionally adjacent to GHSA-f292-66h9-fpmf. The report-grade point is that current versions after the claimed patched version still reproduce the same default unauthenticated A2U behavior through the maintained CLI entrypoint.

Visible PraisonAI advisories and prior submissions were checked. None cover A2U incomplete authentication after GHSA-f292-66h9-fpmf.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "praisonai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.5.115"
            },
            {
              "fixed": "4.6.61"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T14:27:00Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe published A2U advisory `GHSA-f292-66h9-fpmf` says unauthenticated A2U event streaming was fixed in `praisonai` `4.5.115`. Current head still exposes the same A2U subscription and event routes without authentication when the operator starts the documented CLI entrypoint:\n\n```text\npraisonai serve a2u --host 0.0.0.0 --port 8002\n```\n\nThe current CLI wrapper does not expose `--api-key`, does not install the common API-key middleware, and does not generate a token for A2U. It calls `create_a2u_routes(app)` directly. That helper only enforces auth if `A2U_AUTH_TOKEN` is already present; if the variable is missing, `_authenticate_request()` returns `None` and treats auth as disabled.\n\nThis is an incomplete-fix report for the published A2U issue, not a separate trust-model-only concern.\n\n## Technical Details\n\nThe Typer command for A2U accepts only `--host` and `--port`:\n\n```text\nsrc/praisonai/praisonai/cli/commands/serve.py:570-585\n```\n\nIt forwards only those values to the shared serve handler:\n\n```python\nargs = [\"a2u\", \"--host\", host, \"--port\", str(port)]\n```\n\nThe serve handler for A2U likewise accepts only `host` and `port`, then creates the app:\n\n```text\nsrc/praisonai/praisonai/cli/features/serve.py:802-817\n```\n\n`_create_a2u_app()` registers A2U routes directly:\n\n```text\nsrc/praisonai/praisonai/cli/features/serve.py:827-853\n```\n\nNo call to `_install_api_key_middleware(app, ...)` is made for the dedicated A2U server, unlike the unified server path.\n\nInside `create_a2u_routes()`, auth is opt-in:\n\n```text\nsrc/praisonai/praisonai/endpoints/a2u_server.py:245-253\n```\n\n```python\nauth_token = os.environ.get(\"A2U_AUTH_TOKEN\")\nif not auth_token:\n    # No token configured - auth disabled (development mode)\n    return None\n```\n\nThe route helper then registers the same sensitive endpoints from the public advisory:\n\n```text\nsrc/praisonai/praisonai/endpoints/a2u_server.py:391-409\n```\n\n### Why This Is Not Intended Behavior\n\nThe public advisory for `GHSA-f292-66h9-fpmf` describes unauthenticated `/a2u/info`, `/a2u/subscribe`, `/a2u/events/{stream_name}`, `/a2u/events/sub/{id}`, and `/a2u/health` as the vulnerability and lists `4.5.115` as patched.\n\nCurrent documentation also says PraisonAI API servers are now secure by default, bind to `127.0.0.1`, and generate a bearer token if no token is provided. The dedicated A2U command does not implement that secure-by-default behavior. It remains unauthenticated unless a different environment variable, `A2U_AUTH_TOKEN`, was set before startup.\n\nThis report does not claim that explicit local-only development mode is always a vulnerability. The issue is the mismatch between the published fixed version / secure-by-default posture and the current A2U CLI behavior, including external binding via `--host 0.0.0.0`.\n\n## PoV\n\nRun:\n\n```bash\npython3 poc/pov_poc.py \\\n  --repo /path/to/PraisonAI \\\n  --json\n```\n\nObserved current-head output:\n\n```json\n{\n  \"no_token\": {\n    \"info_status_no_auth\": 200,\n    \"subscribe_status_no_auth\": 200,\n    \"health_status_no_auth\": 200,\n    \"subscribe_body\": {\n      \"stream_name\": \"events\",\n      \"stream_url\": \"http://testserver/a2u/events/sub-d8ee868a5491\"\n    }\n  },\n  \"with_token\": {\n    \"info_status_no_auth\": 401,\n    \"subscribe_status_no_auth\": 401,\n    \"info_with_token\": 200,\n    \"subscribe_with_token\": 200\n  },\n  \"vulnerable_current_default\": true\n}\n```\n\nThe PoV is local-only. It uses a small Starlette response/route shim so it can invoke the registered A2U handlers without starting a network listener or installing dependencies. The control shows that the route-level token check works when `A2U_AUTH_TOKEN` is configured; the vulnerable behavior is that the current documented CLI path does not require or generate that token.\n\n## PoC\n\nThe PoV section above contains the local reproduction command, input, and decisive output.\n\n## Impact\n\nAn attacker who can reach a current A2U server started without `A2U_AUTH_TOKEN` can subscribe to agent event streams without credentials. The prior public advisory already classifies the exposed data as agent responses, tool calls, thinking/progress events, and stream metadata.\n\nIf operators rely on the published fixed version or the secure-by-default serve documentation, they may expose A2U on a network interface believing the unauthenticated stream issue is fixed.\n\n### Severity\n\nSuggested severity: High.\n\n## Suggested Fix\n\nRecommended:\n\n1. Make `praisonai serve a2u` secure by default in the same way as the documented API servers: generate a bearer token when none is configured, print it to stderr, and enforce it on all non-public A2U endpoints.\n2. Add `--api-key` / `--auth-token` support to the dedicated A2U command and pass the configured token into `create_a2u_routes()` or shared middleware.\n3. Fail closed for external binds such as `--host 0.0.0.0` unless authentication is enabled.\n4. Require auth on `/a2u/health` or remove subscription and stream counts from unauthenticated health responses.\n5. Add regression tests for `praisonai serve a2u` proving unauthenticated `/a2u/subscribe` returns `401` on current/fixed versions by default.\n\n## Affected Package/Versions\n\n- Repository: `MervinPraison/PraisonAI`\n- Ecosystem: `pip`\n- Package: `praisonai`\n- Component: A2U Agent-to-User event stream server\n- Current checkout validated: `2f9677abb2ea68eab864ee8b6a828fd0141612e1`\n- Current checkout tag state: `v4.6.57-4-g2f9677ab`\n- Public prior advisory: `GHSA-f292-66h9-fpmf`, fixed range claims `praisonai \u003c= 4.5.114`\n\nSuggested affected range:\n\n```text\npip:praisonai \u003e= 4.5.115, \u003c= 4.6.58\n```\n\nIf maintainers prefer to update the public advisory rather than create a new advisory, the important correction is that the fixed version/range should not mark the current `praisonai serve a2u` behavior as fixed.\n\n## Advisory History\n\nThis is intentionally adjacent to `GHSA-f292-66h9-fpmf`. The report-grade point is that current versions after the claimed patched version still reproduce the same default unauthenticated A2U behavior through the maintained CLI entrypoint.\n\nVisible PraisonAI advisories and prior submissions were checked. None cover A2U incomplete authentication after `GHSA-f292-66h9-fpmf`.",
  "id": "GHSA-jxcw-qp4h-6jfq",
  "modified": "2026-06-18T14:27:00Z",
  "published": "2026-06-18T14:27:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-jxcw-qp4h-6jfq"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MervinPraison/PraisonAI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default"
}

GHSA-JXGQ-QHVG-X244

Vulnerability from github – Published: 2025-05-26 09:30 – Updated: 2025-05-26 09:30
VLAI
Details

An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-26T09:15:20Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.",
  "id": "GHSA-jxgq-qhvg-x244",
  "modified": "2025-05-26T09:30:43Z",
  "published": "2025-05-26T09:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41654"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2025-011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXM9-Q78J-5XXX

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-13T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.",
  "id": "GHSA-jxm9-q78j-5xxx",
  "modified": "2022-05-13T01:43:25Z",
  "published": "2022-05-13T01:43:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14417"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.
  • Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected, including those channels that are assumed to be accessible only by authorized parties. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.
  • In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation
Architecture and Design
  • Where possible, avoid implementing custom, "grow-your-own" authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These capabilities may avoid common weaknesses that are unique to authentication; support automatic auditing and tracking; and make it easier to provide a clear separation between authentication tasks and authorization tasks.
  • In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly.
Mitigation MIT-4.5
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45].
Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302].

CAPEC-12: Choosing Message Identifier

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

CAPEC-166: Force the System to Reset Values

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

CAPEC-216: Communication Channel Manipulation

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

CAPEC-36: Using Unpublished Interfaces or Functionality

An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.

CAPEC-62: Cross Site Request Forgery

An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.