CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3251 vulnerabilities reference this CWE, most recent first.
CVE-2020-8154 (GCVE-0-2020-8154)
Vulnerability from cvelistv5 – Published: 2020-05-12 13:01 – Updated: 2024-08-04 09:48- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/819807 | x_refsource_MISC |
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Server |
Affected:
18.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/819807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-018"
},
{
"name": "openSUSE-SU-2020:0667",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00037.html"
},
{
"name": "openSUSE-SU-2020:0668",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00038.html"
},
{
"name": "openSUSE-SU-2020:0670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00040.html"
},
{
"name": "openSUSE-SU-2020:1652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "18.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T18:06:18.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/819807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-018"
},
{
"name": "openSUSE-SU-2020:0667",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00037.html"
},
{
"name": "openSUSE-SU-2020:0668",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00038.html"
},
{
"name": "openSUSE-SU-2020:0670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00040.html"
},
{
"name": "openSUSE-SU-2020:1652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "18.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/819807",
"refsource": "MISC",
"url": "https://hackerone.com/reports/819807"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-018",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-018"
},
{
"name": "openSUSE-SU-2020:0667",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00037.html"
},
{
"name": "openSUSE-SU-2020:0668",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00038.html"
},
{
"name": "openSUSE-SU-2020:0670",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00040.html"
},
{
"name": "openSUSE-SU-2020:1652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"
},
{
"name": "FEDORA-2020-c9863904de",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8154",
"datePublished": "2020-05-12T13:01:26.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25487 (GCVE-0-2019-25487)
Vulnerability from cvelistv5 – Published: 2026-03-11 18:23 – Updated: 2026-07-15 01:23- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47031 | exploit |
| https://www.vulncheck.com/advisories/sapido-rb-17… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25487",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T19:07:58.999623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T19:31:00.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RB-1732",
"vendor": "Sapido",
"versions": [
{
"status": "affected",
"version": "2.0.43"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sapido:rb-1732:2.0.43:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "k1nm3n.aotoi"
}
],
"datePublic": "2019-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.\u003c/p\u003e"
}
],
"value": "SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:56.692Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47031",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47031"
},
{
"name": "VulnCheck Advisory: SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sapido-rb-1732-remote-command-execution-via-formsyscmd"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25487",
"datePublished": "2026-03-11T18:23:23.999Z",
"dateReserved": "2026-02-23T17:23:37.579Z",
"dateUpdated": "2026-07-15T01:23:56.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25235 (GCVE-0-2019-25235)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2026-03-05 12:02- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47595 | exploit |
| https://www.smartwares.eu | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Smartwares | Smartwares HOME easy |
Affected:
1.0.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:05:39.585497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:23:58.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Smartwares HOME easy",
"vendor": "Smartwares",
"versions": [
{
"status": "affected",
"version": "1.0.9"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:smartwares:home_easy:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2019-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T12:02:16.765Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47595",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47595"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.smartwares.eu"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5540)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php"
}
],
"title": "Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25235",
"datePublished": "2025-12-24T19:27:55.565Z",
"dateReserved": "2025-12-24T14:27:12.475Z",
"dateUpdated": "2026-03-05T12:02:16.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-15582 (GCVE-0-2019-15582)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:36 – Updated: 2024-08-05 00:49- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://about.gitlab.com/blog/2019/09/30/security… | x_refsource_MISC |
| https://hackerone.com/reports/566216 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/566216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab EE",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 12.3.2"
},
{
"status": "affected",
"version": "before 12.2.6"
},
{
"status": "affected",
"version": "before 12.1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR was discovered in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:36:05.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/566216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab EE",
"version": {
"version_data": [
{
"version_value": "before 12.3.2"
},
{
"version_value": "before 12.2.6"
},
{
"version_value": "before 12.1.12"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR was discovered in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/566216",
"refsource": "MISC",
"url": "https://hackerone.com/reports/566216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15582",
"datePublished": "2020-01-28T02:36:05.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:49:13.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15581 (GCVE-0-2019-15581)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:43 – Updated: 2024-08-05 00:49- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://about.gitlab.com/blog/2019/09/30/security… | x_refsource_MISC |
| https://hackerone.com/reports/518995 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/518995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab EE",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 12.3.2"
},
{
"status": "affected",
"version": "before 12.2.6"
},
{
"status": "affected",
"version": "before 12.1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR exists in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:43:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/518995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab EE",
"version": {
"version_data": [
{
"version_value": "before 12.3.2"
},
{
"version_value": "before 12.2.6"
},
{
"version_value": "before 12.1.12"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR exists in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/518995",
"refsource": "MISC",
"url": "https://hackerone.com/reports/518995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15581",
"datePublished": "2020-01-28T02:43:00.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:49:13.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5469 (GCVE-0-2019-5469)
Vulnerability from cvelistv5 – Published: 2019-12-18 20:59 – Updated: 2024-08-04 19:54- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/534794 | x_refsource_MISC |
| https://gitlab.com/gitlab-org/gitlab-ce/issues/60551 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/534794"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed versions 12.1.2, 12.0.4, and 11.11.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR vulnerability exists in GitLab \u003cv12.1.2, \u003cv12.0.4, and \u003cv11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:59:50.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/534794"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "Fixed versions 12.1.2, 12.0.4, and 11.11.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR vulnerability exists in GitLab \u003cv12.1.2, \u003cv12.0.4, and \u003cv11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/534794",
"refsource": "MISC",
"url": "https://hackerone.com/reports/534794"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5469",
"datePublished": "2019-12-18T20:59:50.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5466 (GCVE-0-2019-5466)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:39 – Updated: 2024-08-04 19:54- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
| URL | Tags |
|---|---|
| https://about.gitlab.com/releases/2019/07/29/secu… | x_refsource_MISC |
| https://hackerone.com/reports/507113 | x_refsource_MISC |
| https://gitlab.com/gitlab-org/gitlab-ce/issues/59809 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GitLab CE/EE |
Affected:
Affects GitLab CE/EE 11.5 and later
Affected: Fixed in 12.1.2 in 12.0.4 and in 11.11.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/507113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects GitLab CE/EE 11.5 and later"
},
{
"status": "affected",
"version": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:39:28.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/507113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "Affects GitLab CE/EE 11.5 and later"
},
{
"version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/507113",
"refsource": "MISC",
"url": "https://hackerone.com/reports/507113"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5466",
"datePublished": "2020-01-28T02:39:28.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25270 (GCVE-0-2018-25270)
Vulnerability from cvelistv5 – Published: 2026-04-22 14:57 – Updated: 2026-04-22 15:59- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45978 | exploit |
| https://thinkphp.cn | product |
| https://github.com/top-think/framework/ | product |
| https://www.vulncheck.com/advisories/thinkphp-rem… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T15:57:46.876160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T15:59:29.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ThinkPHP",
"vendor": "Thinkphp",
"versions": [
{
"status": "affected",
"version": "5.0.23"
},
{
"status": "affected",
"version": "5.1.31"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:5.1.31:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:5.0.23:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:6.1.3:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.3:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.2:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:8.0.0:beta:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:6.1.5:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:6.1.4:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:6.0.16:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:thinkphp:thinkphp:6.0.15:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "VulnSpy"
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T14:57:03.961Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45978",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45978"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://thinkphp.cn"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://github.com/top-think/framework/"
},
{
"name": "VulnCheck Advisory: ThinkPHP 5.0.23 Remote Code Execution via invokefunction",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/thinkphp-remote-code-execution-via-invokefunction"
}
],
"title": "ThinkPHP 5.0.23 Remote Code Execution via invokefunction",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25270",
"datePublished": "2026-04-22T14:57:03.961Z",
"dateReserved": "2026-04-22T14:32:40.667Z",
"dateUpdated": "2026-04-22T15:59:29.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25129 (GCVE-0-2018-25129)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:27- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46832 | exploit |
| http://www.socatech.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| SOCA Technology Co., Ltd | SOCA Access Control System |
Affected:
180612
Affected: 170000 Affected: 141007 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:14:36.798266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:27:15.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SOCA Access Control System",
"vendor": "SOCA Technology Co., Ltd",
"versions": [
{
"status": "affected",
"version": "180612"
},
{
"status": "affected",
"version": "170000"
},
{
"status": "affected",
"version": "141007"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:43.322Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46832",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46832"
},
{
"name": "SOCA Technology Product Homepage",
"tags": [
"product"
],
"url": "http://www.socatech.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5517)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php"
}
],
"title": "SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25129",
"datePublished": "2025-12-24T19:27:43.322Z",
"dateReserved": "2025-12-24T14:28:02.432Z",
"dateUpdated": "2025-12-24T20:27:15.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20223 (GCVE-0-2017-20223)
Vulnerability from cvelistv5 – Published: 2026-03-16 01:28 – Updated: 2026-04-07 14:03- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.exploit-db.com/exploits/43402/ | exploit |
| https://packetstormsecurity.com/files/145551 | exploit |
| https://cxsecurity.com/issue/WLB-2017120297 | third-party-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://www.vulncheck.com/advisories/telesquare-s… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Telesquare | SDT-CS3B1 |
Affected:
1.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20223",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:08:44.373652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:20:16.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SDT-CS3B1",
"vendor": "Telesquare",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2017-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:03:42.716Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php"
},
{
"name": "Exploit DB",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/43402/"
},
{
"name": "Packet Storm Security",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/145551"
},
{
"name": "CXSecurity",
"tags": [
"third-party-advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017120297"
},
{
"name": "IBM X-Force Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136993"
},
{
"name": "VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference"
}
],
"title": "Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20223",
"datePublished": "2026-03-16T01:28:26.649Z",
"dateReserved": "2026-03-15T21:57:06.190Z",
"dateUpdated": "2026-04-07T14:03:42.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.