CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3245 vulnerabilities reference this CWE, most recent first.
CVE-2021-36801 (GCVE-0-2021-36801)
Vulnerability from cvelistv5 – Published: 2021-08-04 22:20 – Updated: 2024-09-16 16:28- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2021/07/27/multi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Akaunting",
"vendor": "Akaunting",
"versions": [
{
"lessThanOrEqual": "2.1.12",
"status": "affected",
"version": "2.1.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Wiktor S\u0119dkowski of Nokia and Trevor Christiansen of Rapid7 discovered and reported this issue through Rapid7\u0027s vulnerability disclosure program."
}
],
"datePublic": "2021-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T22:20:40.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Akaunting Authentication Bypass in Company Selection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-07-27T13:05:00.000Z",
"ID": "CVE-2021-36801",
"STATE": "PUBLIC",
"TITLE": "Akaunting Authentication Bypass in Company Selection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Akaunting",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.1.12",
"version_value": "2.1.12"
}
]
}
}
]
},
"vendor_name": "Akaunting"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Wiktor S\u0119dkowski of Nokia and Trevor Christiansen of Rapid7 discovered and reported this issue through Rapid7\u0027s vulnerability disclosure program."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-36801",
"datePublished": "2021-08-04T22:20:40.098Z",
"dateReserved": "2021-07-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:17.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36329 (GCVE-0-2021-36329)
Vulnerability from cvelistv5 – Published: 2021-11-30 20:40 – Updated: 2024-09-16 19:46- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-in/00019369… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell EMC Streaming Data Platform |
Affected:
unspecified , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell EMC Streaming Data Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-30T20:40:17.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-19",
"ID": "CVE-2021-36329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell EMC Streaming Data Platform",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36329",
"datePublished": "2021-11-30T20:40:18.040Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:28.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32744 (GCVE-0-2021-32744)
Vulnerability from cvelistv5 – Published: 2021-07-21 16:00 – Updated: 2024-08-03 23:33- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/CollaboraOnline/online/securit… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| CollaboraOnline | online |
Affected:
< 4.2.17-1
Affected: >= 6.4.0, < 6.4.9-5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "online",
"vendor": "CollaboraOnline",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.17-1"
},
{
"status": "affected",
"version": "\u003e= 6.4.0, \u003c 6.4.9-5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T16:00:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"
}
],
"source": {
"advisory": "GHSA-32xj-9x82-q9jw",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated attacker could gain access to currently open files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32744",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated attacker could gain access to currently open files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "online",
"version": {
"version_data": [
{
"version_value": "\u003c 4.2.17-1"
},
{
"version_value": "\u003e= 6.4.0, \u003c 6.4.9-5"
}
]
}
}
]
},
"vendor_name": "CollaboraOnline"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential \"IDOR\" - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw",
"refsource": "CONFIRM",
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-32xj-9x82-q9jw"
}
]
},
"source": {
"advisory": "GHSA-32xj-9x82-q9jw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32744",
"datePublished": "2021-07-21T16:00:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32654 (GCVE-0-2021-32654)
Vulnerability from cvelistv5 – Published: 2021-06-01 20:45 – Updated: 2024-08-03 23:25- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://hackerone.com/reports/1170024 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202208-17 | vendor-advisoryx_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 19.0.11
Affected: >= 20.0.0, < 20.0.10 Affected: >= 21.0.0, < 21.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1170024"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.11"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.10"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:11:03.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1170024"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-jf9h-v24c-22g5",
"discovery": "UNKNOWN"
},
"title": "Attacker can obtain write access to any federated share/public link",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32654",
"STATE": "PUBLIC",
"TITLE": "Attacker can obtain write access to any federated share/public link"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.11"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.10"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.2"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5"
},
{
"name": "https://hackerone.com/reports/1170024",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1170024"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-jf9h-v24c-22g5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32654",
"datePublished": "2021-06-01T20:45:12.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25096 (GCVE-0-2021-25096)
Vulnerability from cvelistv5 – Published: 2022-02-07 15:47 – Updated: 2024-08-03 19:56- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2652469 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/e6dd140e-0c9d-41… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | IP2Location Country Blocker |
Affected:
2.26.5 , < 2.26.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2652469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e6dd140e-0c9d-41dc-821e-4910a13122c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP2Location Country Blocker",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.26.5",
"status": "affected",
"version": "2.26.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T15:47:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2652469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e6dd140e-0c9d-41dc-821e-4910a13122c1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "IP2Location Country Blocker \u003c 2.26.5 - Ban Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25096",
"STATE": "PUBLIC",
"TITLE": "IP2Location Country Blocker \u003c 2.26.5 - Ban Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP2Location Country Blocker",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.26.5",
"version_value": "2.26.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2652469",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2652469"
},
{
"name": "https://wpscan.com/vulnerability/e6dd140e-0c9d-41dc-821e-4910a13122c1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e6dd140e-0c9d-41dc-821e-4910a13122c1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25096",
"datePublished": "2022-02-07T15:47:20.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:10.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24892 (GCVE-0-2021-24892)
Vulnerability from cvelistv5 – Published: 2021-11-23 19:16 – Updated: 2024-08-03 19:49- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/364b0843-a990-42… | x_refsource_MISC |
| https://github.com/advancedforms/advanced-forms/c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| TODO | Advanced Forms Ppro |
Affected:
1.6.9 , < 1.6.9
(custom)
|
|
| TODO | Advanced Forms |
Affected:
1.6.9 , < 1.6.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/364b0843-a990-4204-848a-60c928cc5bc0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/advancedforms/advanced-forms/commit/2ce3ab6985c3a909eefb01c562995bc6a994d3a2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Forms Ppro",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "1.6.9",
"versionType": "custom"
}
]
},
{
"product": "Advanced Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "1.6.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Suppawit Punhakit"
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Direct Object Reference in edit function of Advanced Forms (Free \u0026 Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user\u0027s email address and request for reset password, which could lead to take over of WordPress\u0027s administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress\u0027s user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:16:23.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/364b0843-a990-4204-848a-60c928cc5bc0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advancedforms/advanced-forms/commit/2ce3ab6985c3a909eefb01c562995bc6a994d3a2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced Forms \u003c 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24892",
"STATE": "PUBLIC",
"TITLE": "Advanced Forms \u003c 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Forms Ppro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.9",
"version_value": "1.6.9"
}
]
}
},
{
"product_name": "Advanced Forms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.9",
"version_value": "1.6.9"
}
]
}
}
]
},
"vendor_name": "TODO"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Suppawit Punhakit"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference in edit function of Advanced Forms (Free \u0026 Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user\u0027s email address and request for reset password, which could lead to take over of WordPress\u0027s administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress\u0027s user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/364b0843-a990-4204-848a-60c928cc5bc0",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/364b0843-a990-4204-848a-60c928cc5bc0"
},
{
"name": "https://github.com/advancedforms/advanced-forms/commit/2ce3ab6985c3a909eefb01c562995bc6a994d3a2",
"refsource": "MISC",
"url": "https://github.com/advancedforms/advanced-forms/commit/2ce3ab6985c3a909eefb01c562995bc6a994d3a2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24892",
"datePublished": "2021-11-23T19:16:23.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:13.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24840 (GCVE-0-2021-24840)
Vulnerability from cvelistv5 – Published: 2021-11-08 17:35 – Updated: 2024-08-03 19:42- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/971302fd-4e8b-4c… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Squaretype |
Affected:
3.0.4 , < 3.0.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Squaretype",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "3.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Emil Kylander Edwartz"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T17:35:33.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Squaretype Modern Blog \u003c 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24840",
"STATE": "PUBLIC",
"TITLE": "Squaretype Modern Blog \u003c 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Squaretype",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.4",
"version_value": "3.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Emil Kylander Edwartz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24840",
"datePublished": "2021-11-08T17:35:33.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24800 (GCVE-0-2021-24800)
Vulnerability from cvelistv5 – Published: 2022-04-25 15:50 – Updated: 2024-08-03 19:42- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/cd37ca81-d683-49… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | DW Question Answer Pro |
Affected:
1.3.4 , ≤ 1.3.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DW Question Answer Pro",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3.4",
"status": "affected",
"version": "1.3.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DW Question \u0026 Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T15:50:41.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DW Question \u0026 Answer Pro \u003c= 1.3.4 - Arbitrary Comment Edition via IDOR",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24800",
"STATE": "PUBLIC",
"TITLE": "DW Question \u0026 Answer Pro \u003c= 1.3.4 - Arbitrary Comment Edition via IDOR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DW Question Answer Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3.4",
"version_value": "1.3.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DW Question \u0026 Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24800",
"datePublished": "2022-04-25T15:50:41.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24739 (GCVE-0-2021-24739)
Vulnerability from cvelistv5 – Published: 2021-12-21 08:45 – Updated: 2024-08-03 19:42- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2afadc76-93ad-47… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery |
Affected:
3.4.2 , < 3.4.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logo Carousel \u2013 Logo Slider, Logo Showcase, and Clients Logo Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.2",
"status": "affected",
"version": "3.4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-21T08:45:28.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Logo Carousel \u003c 3.4.2 - Unauthorised Private Post Access",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24739",
"STATE": "PUBLIC",
"TITLE": "Logo Carousel \u003c 3.4.2 - Unauthorised Private Post Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logo Carousel \u2013 Logo Slider, Logo Showcase, and Clients Logo Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.4.2",
"version_value": "3.4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24739",
"datePublished": "2021-12-21T08:45:28.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24655 (GCVE-0-2021-24655)
Vulnerability from cvelistv5 – Published: 2022-07-17 10:35 – Updated: 2024-08-03 19:35- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/cce03550-7f65-41… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP User Manager – User Profile Builder & Membership |
Affected:
2.6.3 , < 2.6.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "2.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "AyeCode Ltd"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:35:28.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP User Manager \u003c 2.6.3 - Arbitrary User Password Reset to Account Compromise",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24655",
"STATE": "PUBLIC",
"TITLE": "WP User Manager \u003c 2.6.3 - Arbitrary User Password Reset to Account Compromise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.6.3",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "AyeCode Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24655",
"datePublished": "2022-07-17T10:35:28.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.