CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3217 vulnerabilities reference this CWE, most recent first.
CVE-2024-39900 (GCVE-0-2024-39900)
Vulnerability from cvelistv5 – Published: 2024-07-09 21:17 – Updated: 2024-08-02 04:33- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/opensearch-project/reporting/s… | x_refsource_CONFIRM |
| https://github.com/opensearch-project/reporting/c… | x_refsource_MISC |
| https://opensearch.org/versions/opensearch-2-14-0.html | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| opensearch-project | reporting |
Affected:
< 2.14.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T16:28:44.073264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:49:15.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q"
},
{
"name": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reporting",
"vendor": "opensearch-project",
"versions": [
{
"status": "affected",
"version": "\u003c 2.14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T21:17:21.652Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q"
},
{
"name": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"source": {
"advisory": "GHSA-xmvg-335g-x44q",
"discovery": "UNKNOWN"
},
"title": "OpenSearch Dashboards Reports does not properly restrict access to private tenant resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39900",
"datePublished": "2024-07-09T21:17:21.652Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39897 (GCVE-0-2024-39897)
Vulnerability from cvelistv5 – Published: 2024-07-09 18:48 – Updated: 2024-08-02 04:33- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/project-zot/zot/security/advis… | x_refsource_CONFIRM |
| https://github.com/project-zot/zot/commit/aaee022… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| project-zot | zot |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:35:45.771671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:35:52.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r"
},
{
"name": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zot",
"vendor": "project-zot",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob (that they do not have read access to), they may maliciously read it via a second repository they do have read access to. \n This attack is possible because [`ImageStore.CheckBlob()` calls `checkCacheBlob()`](https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob a global cache by searching for the digest. If it is found, it is copied to the user requested repository with `copyBlob()`. The attack may be mitigated by configuring \"dedupe\": false in the \"storage\" settings. The vulnerability is fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T18:48:24.335Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r"
},
{
"name": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df"
}
],
"source": {
"advisory": "GHSA-55r9-5mx9-qq7r",
"discovery": "UNKNOWN"
},
"title": "Cache driver GetBlob() allows read access to any blob without access control check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39897",
"datePublished": "2024-07-09T18:48:24.335Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39642 (GCVE-0-2024-39642)
Vulnerability from cvelistv5 – Published: 2024-08-13 10:47 – Updated: 2026-04-28 16:10- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/lea… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| ThimPress | LearnPress |
Affected:
n/a , ≤ 4.2.6.8.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T15:53:21.835684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T15:53:36.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learnpress",
"product": "LearnPress",
"vendor": "ThimPress",
"versions": [
{
"changes": [
{
"at": "4.2.6.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.6.8.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects LearnPress: from n/a through 4.2.6.8.2.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:07.667Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-6-8-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.2.6.9 or a higher version."
}
],
"value": "Update to 4.2.6.9 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress LearnPress plugin \u003c= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-39642",
"datePublished": "2024-08-13T10:47:20.445Z",
"dateReserved": "2024-06-26T21:18:49.917Z",
"dateUpdated": "2026-04-28T16:10:07.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39321 (GCVE-0-2024-39321)
Vulnerability from cvelistv5 – Published: 2024-07-05 17:32 – Updated: 2024-08-02 04:19- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advis… | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/releases/tag/v2.11.6 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.0.4 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T20:07:02.660742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:07:14.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.6"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.0.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.4"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.6"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-beta3, \u003c 3.0.4"
},
{
"status": "affected",
"version": "\u003e= 3.1.0-rc1, \u003c 3.1.0-rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:32:06.688Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.6"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.4"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3"
}
],
"source": {
"advisory": "GHSA-gxrv-wf35-62w9",
"discovery": "UNKNOWN"
},
"title": "Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39321",
"datePublished": "2024-07-05T17:32:06.688Z",
"dateReserved": "2024-06-21T18:15:22.263Z",
"dateUpdated": "2024-08-02T04:19:20.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39319 (GCVE-0-2024-39319)
Vulnerability from cvelistv5 – Published: 2024-09-26 16:07 – Updated: 2024-09-26 18:24- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_CONFIRM |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| aimeos | ai-controller-frontend |
Affected:
= 2024.04.1
Affected: >= 2023.04.1, < 2023.10.9 Affected: >= 2022.04.1, < 2022.10.8 Affected: >= 2021.04.1, < 2021.10.8 Affected: < 2020.10.15 |
|
| aimeos_project | ai-controller-frontend |
Affected:
2024.04.1
Affected: 2023.04.1 , < 2023.10.9 (custom) Affected: 2022.04.1 , < 2022.10.8 (custom) Affected: 2021.04.1 , < 2021.10.8 (custom) Affected: 0 , < 2020.10.15 (custom) cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ai-controller-frontend",
"vendor": "aimeos_project",
"versions": [
{
"status": "affected",
"version": "2024.04.1"
},
{
"lessThan": "2023.10.9",
"status": "affected",
"version": "2023.04.1",
"versionType": "custom"
},
{
"lessThan": "2022.10.8",
"status": "affected",
"version": "2022.04.1",
"versionType": "custom"
},
{
"lessThan": "2021.10.8",
"status": "affected",
"version": "2021.04.1",
"versionType": "custom"
},
{
"lessThan": "2020.10.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:55:58.738464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:24:00.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ai-controller-frontend",
"vendor": "aimeos",
"versions": [
{
"status": "affected",
"version": "= 2024.04.1"
},
{
"status": "affected",
"version": "\u003e= 2023.04.1, \u003c 2023.10.9"
},
{
"status": "affected",
"version": "\u003e= 2022.04.1, \u003c 2022.10.8"
},
{
"status": "affected",
"version": "\u003e= 2021.04.1, \u003c 2021.10.8"
},
{
"status": "affected",
"version": "\u003c 2020.10.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:07:01.482Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85"
}
],
"source": {
"advisory": "GHSA-rw3j-574h-mrcq",
"discovery": "UNKNOWN"
},
"title": "aimeos/ai-controller-frontend has IDOR vulnerability in account profile page"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39319",
"datePublished": "2024-09-26T16:07:01.482Z",
"dateReserved": "2024-06-21T18:15:22.262Z",
"dateUpdated": "2024-09-26T18:24:00.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38827 (GCVE-0-2024-38827)
Vulnerability from cvelistv5 – Published: 2024-12-02 14:32 – Updated: 2025-01-24 20:03| Vendor | Product | Version | |
|---|---|---|---|
| Spring by VMware Tanzu | Spring Security |
Affected:
5.7.0 - 5.7.13, 5.8.0 - 5.8.15, 6.0.0 - 6.0.13, 6.1.0 - 6.1.11, 6.2.0 - 6.2.7, 6.3.0 - 6.3.4, Older unsupported versions are also affected
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T15:27:02.642978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:27:27.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:06.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring by VMware Tanzu",
"versions": [
{
"status": "affected",
"version": "5.7.0 - 5.7.13, 5.8.0 - 5.8.15, 6.0.0 - 6.0.13, 6.1.0 - 6.1.11, 6.2.0 - 6.2.7, 6.3.0 - 6.3.4, Older unsupported versions are also affected"
}
]
}
],
"datePublic": "2024-11-19T14:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe usage of \u003c/span\u003e\u003ccode\u003eString.toLowerCase()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ccode\u003eString.toUpperCase()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;has some \u003c/span\u003e\u003ccode\u003eLocale\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;dependent exceptions that could potentially result in authorization rules not working properly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The usage of String.toLowerCase()\u00a0and String.toUpperCase()\u00a0has some Locale\u00a0dependent exceptions that could potentially result in authorization rules not working properly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T14:32:12.471Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38827"
}
],
"source": {
"advisory": "cve-2024-38827",
"discovery": "UNKNOWN"
},
"title": "Spring Security Authorization Bypass for Case Sensitive Comparisons",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38827",
"datePublished": "2024-12-02T14:32:12.471Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2025-01-24T20:03:06.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38701 (GCVE-0-2024-38701)
Vulnerability from cvelistv5 – Published: 2024-07-22 10:14 – Updated: 2026-04-28 16:10- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/aca… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Academy LMS | Academy LMS |
Affected:
n/a , ≤ 2.0.4
(custom)
|
|
| kodezen | academy_lms |
Affected:
0 , ≤ 2.0.4
(custom)
cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "academy_lms",
"vendor": "kodezen",
"versions": [
{
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38701",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T13:20:57.738513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T13:44:14.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "academy",
"product": "Academy LMS",
"vendor": "Academy LMS",
"versions": [
{
"changes": [
{
"at": "2.0.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "filime (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.\u003cp\u003eThis issue affects Academy LMS: from n/a through 2.0.4.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:04.747Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.0.5 or a higher version."
}
],
"value": "Update to 2.0.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Academy LMS plugin \u003c= 2.0.4 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38701",
"datePublished": "2024-07-22T10:14:44.172Z",
"dateReserved": "2024-06-19T11:16:10.229Z",
"dateUpdated": "2026-04-28T16:10:04.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37889 (GCVE-0-2024-37889)
Vulnerability from cvelistv5 – Published: 2024-06-14 19:12 – Updated: 2024-08-02 03:57- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/TreyWW/MyFinances/security/adv… | x_refsource_CONFIRM |
| https://github.com/TreyWW/MyFinances/commit/2c1e6… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| TreyWW | MyFinances |
Affected:
< 0.4.6
|
|
| treyww | myfinances |
Affected:
0 , < 0.4.6
(custom)
cpe:2.3:a:treyww:myfinances:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:treyww:myfinances:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "myfinances",
"vendor": "treyww",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T22:01:42.829414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T22:03:37.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:40.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2"
},
{
"name": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MyFinances",
"vendor": "TreyWW",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T19:12:14.977Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2"
},
{
"name": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f"
}
],
"source": {
"advisory": "GHSA-4884-3gvp-3wj2",
"discovery": "UNKNOWN"
},
"title": "MyFinances Allows Unauthorized Access to Other Customer Data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37889",
"datePublished": "2024-06-14T19:12:14.977Z",
"dateReserved": "2024-06-10T19:54:41.360Z",
"dateUpdated": "2024-08-02T03:57:40.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37277 (GCVE-0-2024-37277)
Vulnerability from cvelistv5 – Published: 2024-11-01 14:18 – Updated: 2026-04-28 16:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/pai… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Paid Memberships Pro | Paid Memberships Pro |
Affected:
n/a , ≤ 3.0.4
(custom)
|
|
| paidmembershipspro | paid_memberships_pro |
Affected:
0 , ≤ 3.0.4
(semver)
cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "paid_memberships_pro",
"vendor": "paidmembershipspro",
"versions": [
{
"lessThanOrEqual": "3.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:01:52.531287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:01:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "paid-memberships-pro",
"product": "Paid Memberships Pro",
"vendor": "Paid Memberships Pro",
"versions": [
{
"changes": [
{
"at": "3.0.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Paid Memberships Pro: from n/a through 3.0.4.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:58.258Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-3-0-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.0.5 or a higher version."
}
],
"value": "Update to 3.0.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Paid Memberships Pro plugin \u003c= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37277",
"datePublished": "2024-11-01T14:18:26.766Z",
"dateReserved": "2024-06-04T19:25:31.927Z",
"dateUpdated": "2026-04-28T16:09:58.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36399 (GCVE-0-2024-36399)
Vulnerability from cvelistv5 – Published: 2024-06-06 15:15 – Updated: 2024-08-02 03:37| URL | Tags |
|---|---|
| https://github.com/kanboard/kanboard/security/adv… | x_refsource_CONFIRM |
| https://github.com/kanboard/kanboard/commit/b6703… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"lessThanOrEqual": "1.2.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T17:56:20.351547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:57:49.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "1.2.37"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the \u0027Project Manager\u0027 on a single project may take over any other project. The vulnerability is fixed in 1.2.37."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:15:46.978Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv"
},
{
"name": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7"
}
],
"source": {
"advisory": "GHSA-x8v7-3ghx-65cv",
"discovery": "UNKNOWN"
},
"title": "Kanboard affected by Project Takeover via IDOR in ProjectPermissionController"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36399",
"datePublished": "2024-06-06T15:15:46.978Z",
"dateReserved": "2024-05-27T15:59:57.030Z",
"dateUpdated": "2024-08-02T03:37:05.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.