CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3238 vulnerabilities reference this CWE, most recent first.
CVE-2022-2824 (GCVE-0-2022-2824)
Vulnerability from cvelistv5 – Published: 2022-08-15 15:50 – Updated: 2024-08-03 00:52- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5b… | x_refsource_CONFIRM |
| https://github.com/openemr/openemr/commit/c5d9945… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T07:48:13.987Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
],
"source": {
"advisory": "1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in openemr/openemr",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2824",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"name": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
]
},
"source": {
"advisory": "1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2824",
"datePublished": "2022-08-15T15:50:09.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:52:58.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2808 (GCVE-0-2022-2808)
Vulnerability from cvelistv5 – Published: 2022-12-12 01:49 – Updated: 2026-05-20 06:52- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-22-0708 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Algan Software | Prens Student Information System |
Affected:
0 , < 2.1.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-22-0708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prens Student Information System",
"vendor": "Algan Software",
"versions": [
{
"lessThan": "2.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-01T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.\u003cp\u003eThis issue affects Prens Student Information System: before 2.1.11.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.\n\nThis issue affects Prens Student Information System: before 2.1.11."
}
],
"impacts": [
{
"capecId": "CAPEC-109",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-109 Object Relational Mapping Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T06:52:58.580Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-22-0708"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0708"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAlgan Software Prens Student Information System should be updated to \u0026gt;=\u0026nbsp;\n\n 2.1.11.\u003c/p\u003e"
}
],
"value": "Algan Software Prens Student Information System should be updated to \u003e=\u00a0\n\n 2.1.11."
}
],
"source": {
"advisory": "TR-22-0708",
"defect": [
"TR-22-0708"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in Prens Student Information System",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2022-2808",
"datePublished": "2022-12-12T01:49:10.008Z",
"dateReserved": "2022-08-12T00:00:00.000Z",
"dateUpdated": "2026-05-20T06:52:58.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2730 (GCVE-0-2022-2730)
Vulnerability from cvelistv5 – Published: 2022-08-09 11:55 – Updated: 2024-08-03 00:46- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a81f39ab-092b-4941-b9c… | x_refsource_CONFIRM |
| https://github.com/openemr/openemr/commit/2973592… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T11:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
],
"source": {
"advisory": "a81f39ab-092b-4941-b9ca-c4c8f2191504",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2730",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
]
},
"source": {
"advisory": "a81f39ab-092b-4941-b9ca-c4c8f2191504",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2730",
"datePublished": "2022-08-09T11:55:10.000Z",
"dateReserved": "2022-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:04.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2535 (GCVE-0-2022-2535)
Vulnerability from cvelistv5 – Published: 2022-08-15 08:38 – Updated: 2024-08-03 00:39- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/0e13c375-044c-4c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SearchWP Live Ajax Search |
Affected:
1.6.2 , < 1.6.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SearchWP Live Ajax Search",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "1.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Angelo Delicato"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T08:38:09.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SearchWP Live Ajax Search \u003c 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2535",
"STATE": "PUBLIC",
"TITLE": "SearchWP Live Ajax Search \u003c 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SearchWP Live Ajax Search",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.2",
"version_value": "1.6.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Angelo Delicato"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2535",
"datePublished": "2022-08-15T08:38:10.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:39:08.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2367 (GCVE-0-2022-2367)
Vulnerability from cvelistv5 – Published: 2022-08-08 13:47 – Updated: 2024-08-03 00:32- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/46afb0c6-2d0c-4a… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WSM Downloader |
Affected:
1.4.0 , ≤ 1.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WSM Downloader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.4.0",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T13:47:24.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2367",
"STATE": "PUBLIC",
"TITLE": "WSM Downloader \u003c= 1.4.0 - Domain Name Restriction Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WSM Downloader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.0",
"version_value": "1.4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good \"link\" parameter validation"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/46afb0c6-2d0c-4a20-a9de-48f35ca93f0f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2367",
"datePublished": "2022-08-08T13:47:24.000Z",
"dateReserved": "2022-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2312 (GCVE-0-2022-2312)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:01 – Updated: 2024-08-03 00:32| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/7548c1fb-77b5-42… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Student Result or Employee Database |
Affected:
1.7.5 , < 1.7.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Student Result or Employee Database",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "1.7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vinay Varma Mudunuri"
},
{
"lang": "en",
"value": "Krishna Harsha Kondaveeti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:01:18.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Student Result or Employee Database \u003c 1.7.5 - Stored Cross Site Scripting via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2312",
"STATE": "PUBLIC",
"TITLE": "Student Result or Employee Database \u003c 1.7.5 - Stored Cross Site Scripting via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Student Result or Employee Database",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.5",
"version_value": "1.7.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vinay Varma Mudunuri"
},
{
"lang": "eng",
"value": "Krishna Harsha Kondaveeti"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2312",
"datePublished": "2022-08-22T15:01:18.000Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2198 (GCVE-0-2022-2198)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:00 – Updated: 2024-08-03 00:32- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/867248f2-d497-4e… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WPQA Builder |
Affected:
5.7 , < 5.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPQA Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.7",
"status": "affected",
"version": "5.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bikram kharal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:00:17.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPQA \u003c 5.7 - Subscriber+ Private Message Disclosure via IDOR",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2198",
"STATE": "PUBLIC",
"TITLE": "WPQA \u003c 5.7 - Subscriber+ Private Message Disclosure via IDOR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPQA Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.7",
"version_value": "5.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bikram kharal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2198",
"datePublished": "2022-08-22T15:00:17.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2080 (GCVE-0-2022-2080)
Vulnerability from cvelistv5 – Published: 2022-08-29 14:40 – Updated: 2024-08-03 00:24- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5395d196-a39a-4a… | x_refsource_MISC |
| https://hackerone.com/reports/1592596 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Sensei LMS – Online Courses, Quizzes, & Learning |
Affected:
4.5.2 , < 4.5.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1592596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sensei LMS \u2013 Online Courses, Quizzes, \u0026 Learning",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.2",
"status": "affected",
"version": "4.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Veshraj Ghimire"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:40:27.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1592596"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensei LMS \u003c 4.5.2 - Arbitrary Private Message Sending via IDOR",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2080",
"STATE": "PUBLIC",
"TITLE": "Sensei LMS \u003c 4.5.2 - Arbitrary Private Message Sending via IDOR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sensei LMS \u2013 Online Courses, Quizzes, \u0026 Learning",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.5.2",
"version_value": "4.5.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5"
},
{
"name": "https://hackerone.com/reports/1592596",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1592596"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2080",
"datePublished": "2022-08-29T14:40:27.000Z",
"dateReserved": "2022-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1996 (GCVE-0-2022-1996)
Vulnerability from cvelistv5 – Published: 2022-06-06 00:00 – Updated: 2024-08-03 00:24- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/be837427-415c-4d8c-808… | |
| https://github.com/emicklei/go-restful/commit/fd3… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2022092… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| emicklei | emicklei/go-restful |
Affected:
unspecified , < v3.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-6550d9323b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "emicklei/go-restful",
"vendor": "emicklei",
"versions": [
{
"lessThan": "v3.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-6550d9323b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
],
"source": {
"advisory": "be837427-415c-4d8c-808b-62ce20aa84f1",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in emicklei/go-restful"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1996",
"datePublished": "2022-06-06T00:00:00.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1810 (GCVE-0-2022-1810)
Vulnerability from cvelistv5 – Published: 2022-05-23 00:00 – Updated: 2024-08-03 00:16- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| publify | publify/publify |
Affected:
unspecified , < 9.2.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "publify/publify",
"vendor": "publify",
"versions": [
{
"lessThan": "9.2.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb"
},
{
"url": "https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce"
}
],
"source": {
"advisory": "9b2d7579-032e-42da-b736-4b10a868eacb",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in publify/publify"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1810",
"datePublished": "2022-05-23T00:00:00.000Z",
"dateReserved": "2022-05-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:16:59.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.