CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3235 vulnerabilities reference this CWE, most recent first.
GHSA-76P4-4V5G-FPXR
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:10An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
{
"affected": [],
"aliases": [
"CVE-2019-12866"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-03T19:15:00Z",
"severity": "CRITICAL"
},
"details": "An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.",
"id": "GHSA-76p4-4v5g-fpxr",
"modified": "2024-04-04T01:10:19Z",
"published": "2022-05-24T16:49:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12866"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76V2-48W6-CRXR
Vulnerability from github – Published: 2024-05-15 18:30 – Updated: 2024-09-05 18:38In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bonitasoft.engine:bonita-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.1.0.W11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-28087"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-15T19:48:34Z",
"nvd_published_at": "2024-05-15T17:15:10Z",
"severity": "MODERATE"
},
"details": "In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.",
"id": "GHSA-76v2-48w6-crxr",
"modified": "2024-09-05T18:38:00Z",
"published": "2024-05-15T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28087"
},
{
"type": "WEB",
"url": "https://github.com/bonitasoft/bonita-engine/commit/1b3ac00f0178bfcfe8f01811a249b1893f0b1da1"
},
{
"type": "WEB",
"url": "https://documentation.bonitasoft.com/bonita/2024.1/release-notes#_fixes_in_bonita_2024_1_u0_2024_04_11"
},
{
"type": "WEB",
"url": "https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_2024_1_2024_04_11"
},
{
"type": "PACKAGE",
"url": "https://github.com/bonitasoft/bonita-engine"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bonitasoft Runtime Community edition\u0027s contains an insecure direct object references vulnerability"
}
GHSA-76W7-GCRW-2H29
Vulnerability from github – Published: 2025-04-16 00:31 – Updated: 2025-04-16 00:31Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
{
"affected": [],
"aliases": [
"CVE-2025-30257"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T22:15:26Z",
"severity": "MODERATE"
},
"details": "Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.",
"id": "GHSA-76w7-gcrw-2h29",
"modified": "2025-04-16T00:31:38Z",
"published": "2025-04-16T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30257"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-76X6-FWVJ-Q76M
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2026-04-08 18:31The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
{
"affected": [],
"aliases": [
"CVE-2022-3794"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.",
"id": "GHSA-76x6-fwvj-q76m",
"modified": "2026-04-08T18:31:59Z",
"published": "2022-12-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3794"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2811758%40jeg-elementor-kit%2Ftrunk\u0026old=2810568%40jeg-elementor-kit%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/jeg-elementor-kit/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7729-X926-XQ76
Vulnerability from github – Published: 2024-10-15 12:30 – Updated: 2024-10-15 12:30Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
{
"affected": [],
"aliases": [
"CVE-2024-49388"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T11:15:14Z",
"severity": "LOW"
},
"details": "Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",
"id": "GHSA-7729-x926-xq76",
"modified": "2024-10-15T12:30:37Z",
"published": "2024-10-15T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49388"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-5984"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-775X-85H4-43CP
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2023-07-06 19:24HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.
{
"affected": [],
"aliases": [
"CVE-2023-24842"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T04:15:00Z",
"severity": "MODERATE"
},
"details": "HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user\u2019s mail by changing user ID and mail ID within URL.",
"id": "GHSA-775x-85h4-43cp",
"modified": "2023-07-06T19:24:12Z",
"published": "2023-07-06T19:24:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24842"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-6961-12444-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-77HC-4GV2-JVC3
Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2026-01-20 15:32Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.
{
"affected": [],
"aliases": [
"CVE-2025-67909"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:19Z",
"severity": "HIGH"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through \u003c= 3.0.3.",
"id": "GHSA-77hc-4gv2-jvc3",
"modified": "2026-01-20T15:32:33Z",
"published": "2025-12-24T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67909"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-0-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-0-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-77VC-RJ32-2R33
Vulnerability from github – Published: 2024-07-10 16:04 – Updated: 2024-11-18 16:26Summary
An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed.
Impact
The lack of proper access control validation for private tenant resources in the OpenSearch observability and reporting plugins can lead to unintended data access. If an authorized user with observability or reporting roles is aware of another user's private tenant resource ID, such as a notebook, they can potentially read, modify, or take ownership of that resource, despite not being the original author, thus impacting the confidentiality and integrity of private tenant resources. The impact is confined to private tenant resources, where authorized users may gain inappropriate visibility into data intended to be private from other users within the same OpenSearch instance, potentially violating the intended separation of access. This issue does not alter the scope of access but highlights a flaw in the existing access control mechanisms.
Impacted versions <= 2.13
Patches
The patches are included in OpenSearch 2.14
Workarounds
None
References
OpenSearch 2.14 is available for download at https://opensearch.org/versions/opensearch-2-14-0.html
The latest version of OpenSearch is available for download at https://opensearch.org/downloads.html
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.opensearch.plugin:opensearch-observability"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.14.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-39901"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-10T16:04:08Z",
"nvd_published_at": "2024-07-09T22:15:03Z",
"severity": "LOW"
},
"details": "### Summary\n\nAn issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed.\n\n### Impact\n\nThe lack of proper access control validation for private tenant resources in the OpenSearch observability and reporting plugins can lead to unintended data access. If an authorized user with observability or reporting roles is aware of another user\u0027s private tenant resource ID, such as a notebook, they can potentially read, modify, or take ownership of that resource, despite not being the original author, thus impacting the confidentiality and integrity of private tenant resources. The impact is confined to private tenant resources, where authorized users may gain inappropriate visibility into data intended to be private from other users within the same OpenSearch instance, potentially violating the intended separation of access. This issue does not alter the scope of access but highlights a flaw in the existing access control mechanisms.\n\nImpacted versions \u003c= 2.13\n\n### Patches\n\nThe patches are included in OpenSearch 2.14\n\n### Workarounds\n\nNone\n\n### References\n\nOpenSearch 2.14 is available for download at https://opensearch.org/versions/opensearch-2-14-0.html\n\nThe latest version of OpenSearch is available for download at https://opensearch.org/downloads.html",
"id": "GHSA-77vc-rj32-2r33",
"modified": "2024-11-18T16:26:51Z",
"published": "2024-07-10T16:04:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39901"
},
{
"type": "WEB",
"url": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e"
},
{
"type": "PACKAGE",
"url": "https://github.com/opensearch-project/observability"
},
{
"type": "WEB",
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenSearch Observability does not properly restrict access to private tenant resources"
}
GHSA-786G-4R53-JP5V
Vulnerability from github – Published: 2025-03-13 09:31 – Updated: 2025-03-13 09:31A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks.
{
"affected": [],
"aliases": [
"CVE-2025-2271"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T07:15:37Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive information, including user details, network and hardware information, installed programs, running processes, drives, and printers. Due to improper access controls, an attacker can retrieve audit data belonging to other users, potentially leading to unauthorized data exposure, privacy violations, and security risks.",
"id": "GHSA-786g-4r53-jp5v",
"modified": "2025-03-13T09:31:46Z",
"published": "2025-03-13T09:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2271"
},
{
"type": "WEB",
"url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-788W-W3G2-24WW
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.
{
"affected": [],
"aliases": [
"CVE-2021-40355"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-14T11:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.",
"id": "GHSA-788w-w3g2-24ww",
"modified": "2022-05-24T19:14:29Z",
"published": "2022-05-24T19:14:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40355"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.