CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3251 vulnerabilities reference this CWE, most recent first.
CVE-2021-3964 (GCVE-0-2021-3964)
Vulnerability from cvelistv5 – Published: 2021-12-01 11:25 – Updated: 2024-08-03 17:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a4df45d6-b739-4299-967… | x_refsource_CONFIRM |
| https://github.com/elgg/elgg/commit/d9fcad76ee380… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elgg/elgg",
"vendor": "elgg",
"versions": [
{
"lessThan": "3.3.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T11:25:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
],
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in elgg/elgg",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3964",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in elgg/elgg"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elgg/elgg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.22"
}
]
}
}
]
},
"vendor_name": "elgg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a"
},
{
"name": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744",
"refsource": "MISC",
"url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744"
}
]
},
"source": {
"advisory": "a4df45d6-b739-4299-967f-c960b569383a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3964",
"datePublished": "2021-12-01T11:25:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3852 (GCVE-0-2021-3852)
Vulnerability from cvelistv5 – Published: 2022-01-12 10:15 – Updated: 2024-08-03 17:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d44def81-2834-4031-903… | x_refsource_CONFIRM |
| https://github.com/weseek/growi/commit/863bfd7f62… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| weseek | weseek/growi |
Affected:
unspecified , < 4.4.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d44def81-2834-4031-9037-e923975c3852"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/weseek/growi/commit/863bfd7f622f413bd159b9446166fb1ce78ec863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "weseek/growi",
"vendor": "weseek",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "growi is vulnerable to Authorization Bypass Through User-Controlled Key"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T10:15:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d44def81-2834-4031-9037-e923975c3852"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/weseek/growi/commit/863bfd7f622f413bd159b9446166fb1ce78ec863"
}
],
"source": {
"advisory": "d44def81-2834-4031-9037-e923975c3852",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in weseek/growi",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3852",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in weseek/growi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "weseek/growi",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.4.8"
}
]
}
}
]
},
"vendor_name": "weseek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "growi is vulnerable to Authorization Bypass Through User-Controlled Key"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d44def81-2834-4031-9037-e923975c3852",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d44def81-2834-4031-9037-e923975c3852"
},
{
"name": "https://github.com/weseek/growi/commit/863bfd7f622f413bd159b9446166fb1ce78ec863",
"refsource": "MISC",
"url": "https://github.com/weseek/growi/commit/863bfd7f622f413bd159b9446166fb1ce78ec863"
}
]
},
"source": {
"advisory": "d44def81-2834-4031-9037-e923975c3852",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3852",
"datePublished": "2022-01-12T10:15:11.000Z",
"dateReserved": "2021-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-37094 (GCVE-0-2020-37094)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-07-15 01:24- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48376 | exploit |
| https://www.espocrm.com | product |
| https://github.com/espocrm/espocrm/commit/b299220… | patch |
| https://www.vulncheck.com/advisories/espocrm-two-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37094",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T19:36:20.554721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T19:36:48.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/espocrm/espocrm",
"product": "EspoCRM",
"repo": "https://github.com/espocrm/espocrm",
"vendor": "EspoCRM",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "5.7.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.9.0",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Besim ALTINOK"
},
{
"lang": "en",
"type": "finder",
"value": "\u0130smail BOZKURT"
}
],
"datePublic": "2020-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled account and replay it against any victim account sharing the same password, since tokens are bound to password hashes rather than unique per-user values, bypassing the victim\u0027s 2FA protections."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:24:24.326Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48376",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48376"
},
{
"name": "EspoCRM Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.espocrm.com"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/espocrm/espocrm/commit/b299220dd0c7acdaa1ed8be8ffd79c7985093c7a"
},
{
"name": "VulnCheck Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/espocrm-two-factor-auth-bypass-via-auth-token-reuse-between-accounts-with-identical-passwords"
}
],
"title": "EspoCRM 5.7.0 \u003c 5.9.0 - Two-Factor Authentication Bypass via Auth Token Reuse Between Accounts with Identical Passwords",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37094",
"datePublished": "2026-02-03T22:01:52.861Z",
"dateReserved": "2026-02-01T13:16:06.487Z",
"dateUpdated": "2026-07-15T01:24:24.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37008 (GCVE-0-2020-37008)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-05-12 20:46- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48858 | exploit |
| https://www.elektraweb.com/en/ | product |
| https://www.vulncheck.com/advisories/easypms-auth… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Elektraweb | EasyPMS |
Affected:
1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37008",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T15:49:27.205263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:48:36.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48858"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EasyPMS",
"vendor": "Elektraweb",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jok3r"
}
],
"datePublic": "2020-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T20:46:24.594Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48858",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48858"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.elektraweb.com/en/"
},
{
"name": "VulnCheck Advisory: EasyPMS 1.0.0 - Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easypms-authentication-bypass"
}
],
"title": "EasyPMS 1.0.0 - Authentication Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37008",
"datePublished": "2026-01-29T14:28:30.079Z",
"dateReserved": "2026-01-27T15:47:08.001Z",
"dateUpdated": "2026-05-12T20:46:24.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36923 (GCVE-0-2020-36923)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:56- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://cxsecurity.com/issue/WLB-2020120031 | third-party-advisory |
| https://packetstormsecurity.com/files/160344 | exploit |
| https://pro.sony/ue_US/products/display-software | product |
| https://pro-bravia.sony.net/resources/software/br… | product |
| https://pro-bravia.sony.net | product |
| https://www.vulncheck.com/advisories/sony-bravia-… | third-party-advisory |
| https://www.zeroscience.mk/codes/sonybravia_idor.txt | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Electronics Inc. | Sony BRAVIA Digital Signage |
Affected:
<=1.7.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36923",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T18:52:18.623292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T18:56:11.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
},
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/codes/sonybravia_idor.txt"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sony BRAVIA Digital Signage",
"vendor": "Sony Electronics Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c=1.7.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like \u0027/#/content-creation\u0027 by manipulating client-side access restrictions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:27.572Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5611)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
},
{
"name": "IBM X-Force Exchange Vulnerability Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192607"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2020120031"
},
{
"name": "Packet Storm Security Exploit Archive",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/160344"
},
{
"name": "Sony Professional Display Software Product Page",
"tags": [
"product"
],
"url": "https://pro.sony/ue_US/products/display-software"
},
{
"name": "BRAVIA Signage Software Resources",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
},
{
"name": "Sony BRAVIA Digital Signage Official Homepage",
"tags": [
"product"
],
"url": "https://pro-bravia.sony.net"
},
{
"name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idor"
}
],
"title": "Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36923",
"datePublished": "2026-01-06T15:52:27.572Z",
"dateReserved": "2026-01-03T14:10:13.302Z",
"dateUpdated": "2026-01-06T18:56:11.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36895 (GCVE-0-2020-36895)
Vulnerability from cvelistv5 – Published: 2025-12-10 20:54 – Updated: 2025-12-11 18:53- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48764 | exploit |
| http://www.eibiz.co.th | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | vendor-advisoryvdb-entry |
| https://www.vulncheck.com/advisories/eibiz-i-medi… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| EIBIZ Co.,Ltd. | i-Media Server Digital Signage |
Affected:
0 , ≤ 3.8.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36895",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:55:49.999957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:53:13.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "i-Media Server Digital Signage",
"vendor": "EIBIZ Co.,Ltd.",
"versions": [
{
"lessThanOrEqual": "3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.\u003c/p\u003e"
}
],
"value": "EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T20:54:29.438Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48764",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48764"
},
{
"name": "EIBIZ Co.,Ltd. Product Homepage",
"tags": [
"product"
],
"url": "http://www.eibiz.co.th"
},
{
"name": "Zero Security Advisory ZSL-2020-5583",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php"
},
{
"name": "VulnCheck Advisory: EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-configuration-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36895",
"datePublished": "2025-12-10T20:54:29.438Z",
"dateReserved": "2025-12-09T11:46:53.451Z",
"dateUpdated": "2025-12-11T18:53:13.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-26068 (GCVE-0-2020-26068)
Vulnerability from cvelistv5 – Published: 2020-11-18 17:40 – Updated: 2024-11-13 17:40| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco TelePresence Endpoint Software (TC/CE) |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20201118 Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-26068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:22:19.788303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:40:15.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco TelePresence Endpoint Software (TC/CE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T17:40:14.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20201118 Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM"
}
],
"source": {
"advisory": "cisco-sa-tp-uathracc-jWNESUfM",
"defect": [
[
"CSCvu31646"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-11-18T16:00:00",
"ID": "CVE-2020-26068",
"STATE": "PUBLIC",
"TITLE": "Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201118 Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-uathracc-jWNESUfM"
}
]
},
"source": {
"advisory": "cisco-sa-tp-uathracc-jWNESUfM",
"defect": [
[
"CSCvu31646"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-26068",
"datePublished": "2020-11-18T17:40:14.843Z",
"dateReserved": "2020-09-24T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:40:15.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16240 (GCVE-0-2020-16240)
Vulnerability from cvelistv5 – Published: 2020-09-23 13:06 – Updated: 2024-08-04 13:37- CWE-639 - AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GE Digital APM Classic |
Affected:
Versions 4.4 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE Digital APM Classic",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 4.4 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T13:06:07.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Digital APM Classic",
"version": {
"version_data": [
{
"version_value": "Versions 4.4 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16240",
"datePublished": "2020-09-23T13:06:07.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8297 (GCVE-0-2020-8297)
Vulnerability from cvelistv5 – Published: 2021-02-23 18:28 – Updated: 2024-08-04 09:56- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/882258 | x_refsource_MISC |
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_MISC |
| https://github.com/nextcloud/deck/pull/1976 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Deck |
Affected:
Fixed in 1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/882258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/deck/pull/1976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Deck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-23T18:28:59.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/882258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/deck/pull/1976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Deck",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/882258",
"refsource": "MISC",
"url": "https://hackerone.com/reports/882258"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-007",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-007"
},
{
"name": "https://github.com/nextcloud/deck/pull/1976",
"refsource": "MISC",
"url": "https://github.com/nextcloud/deck/pull/1976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8297",
"datePublished": "2021-02-23T18:28:59.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8235 (GCVE-0-2020-8235)
Vulnerability from cvelistv5 – Published: 2020-10-05 13:16 – Updated: 2024-08-04 09:56- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/916704 | x_refsource_MISC |
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Deck app |
Affected:
Fixed in 1.0.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/916704"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Deck app",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-05T13:16:08.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/916704"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Deck app",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.0.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/916704",
"refsource": "MISC",
"url": "https://hackerone.com/reports/916704"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8235",
"datePublished": "2020-10-05T13:16:08.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.