CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3254 vulnerabilities reference this CWE, most recent first.
GHSA-8V57-2X2Q-JR9M
Vulnerability from github – Published: 2024-12-24 12:30 – Updated: 2024-12-24 12:30The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
{
"affected": [],
"aliases": [
"CVE-2024-12103"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T10:15:05Z",
"severity": "MODERATE"
},
"details": "The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.",
"id": "GHSA-8v57-2x2q-jr9m",
"modified": "2024-12-24T12:30:42Z",
"published": "2024-12-24T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12103"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3211815/content-no-cache/trunk/inc/eos-dyn-ajax.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90c6fd67-2140-4835-98d0-cfd1af95ac4c?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8V77-F7VF-CXMH
Vulnerability from github – Published: 2025-06-27 12:31 – Updated: 2025-06-27 12:31A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-6765"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-27T12:15:45Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-8v77-f7vf-cxmh",
"modified": "2025-06-27T12:31:18Z",
"published": "2025-06-27T12:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6765"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.314075"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.314075"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.599873"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.599880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8VFW-8F88-JQ83
Vulnerability from github – Published: 2026-01-10 06:30 – Updated: 2026-01-10 06:30The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square "ccof" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site.
{
"affected": [],
"aliases": [
"CVE-2025-13457"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-10T04:15:59Z",
"severity": "HIGH"
},
"details": "The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square \"ccof\" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site.",
"id": "GHSA-8vfw-8f88-jq83",
"modified": "2026-01-10T06:30:12Z",
"published": "2026-01-10T06:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13457"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3415850/woocommerce-square"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f4f726-7e53-4397-8d8b-7a574326adc6?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8VQX-G979-Q6FH
Vulnerability from github – Published: 2025-12-18 18:30 – Updated: 2026-04-01 18:36Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.
{
"affected": [],
"aliases": [
"CVE-2025-63043"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T17:15:55Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.",
"id": "GHSA-8vqx-g979-q6fh",
"modified": "2026-04-01T18:36:23Z",
"published": "2025-12-18T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63043"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-19-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-19-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8WMM-344F-MPJG
Vulnerability from github – Published: 2026-06-16 21:32 – Updated: 2026-06-18 13:04Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-985f-72mj-8gf7. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2026.4.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T13:04:21Z",
"nvd_published_at": "2026-06-16T19:17:04Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-985f-72mj-8gf7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.",
"id": "GHSA-8wmm-344f-mpjg",
"modified": "2026-06-18T13:04:21Z",
"published": "2026-06-16T21:32:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53863"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unvalidated-group-id-acceptance-in-tool-group-policy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Tool group policy callers could accept unvalidated group IDs",
"withdrawn": "2026-06-18T13:04:21Z"
}
GHSA-8WV9-5592-C67M
Vulnerability from github – Published: 2025-10-21 18:30 – Updated: 2025-10-21 21:33Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
{
"affected": [],
"aliases": [
"CVE-2025-60511"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-21T17:15:40Z",
"severity": "MODERATE"
},
"details": "Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user\u0027s block (e.g., administrator) and send queries that are executed with that block\u0027s configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.",
"id": "GHSA-8wv9-5592-c67m",
"modified": "2025-10-21T21:33:39Z",
"published": "2025-10-21T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60511"
},
{
"type": "WEB",
"url": "https://github.com/onurcangnc/moodle_block_openai_chat"
},
{
"type": "WEB",
"url": "https://onurcangenc.com.tr/posts/idor-in-moodle-openai-chat-block-block_openai_chat-proof-of-concept-poc--cve-2025-60511"
},
{
"type": "WEB",
"url": "http://moodle.com"
},
{
"type": "WEB",
"url": "http://openai.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8WXX-35QC-VP6R
Vulnerability from github – Published: 2024-07-03 18:48 – Updated: 2024-10-25 22:07An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ginuerzh/gost"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.11.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-39223"
],
"database_specific": {
"cwe_ids": [
"CWE-289",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-25T22:07:23Z",
"nvd_published_at": "2024-07-03T15:15:06Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey",
"id": "GHSA-8wxx-35qc-vp6r",
"modified": "2024-10-25T22:07:23Z",
"published": "2024-07-03T18:48:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39223"
},
{
"type": "WEB",
"url": "https://github.com/ginuerzh/gost/issues/1034"
},
{
"type": "WEB",
"url": "https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a"
},
{
"type": "PACKAGE",
"url": "https://github.com/ginuerzh/gost"
},
{
"type": "WEB",
"url": "https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing key verification in gost"
}
GHSA-8X5Q-GQ29-2H75
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-15 21:31Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
{
"affected": [],
"aliases": [
"CVE-2024-21981"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T17:15:22Z",
"severity": "MODERATE"
},
"details": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity.",
"id": "GHSA-8x5q-gq29-2h75",
"modified": "2024-08-15T21:31:19Z",
"published": "2024-08-13T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21981"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8XFC-9Q6X-H2XP
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-07-13 00:00vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.
{
"affected": [],
"aliases": [
"CVE-2020-26679"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T12:15:00Z",
"severity": "MODERATE"
},
"details": "vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user\u0027s unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as \"profile pictures.\" The user IDs can be easily determined by other responses from the API for an event or chat room.",
"id": "GHSA-8xfc-9q6x-h2xp",
"modified": "2022-07-13T00:00:50Z",
"published": "2022-05-24T19:03:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26679"
},
{
"type": "WEB",
"url": "https://api.vfairs.com/v1/profiles"
},
{
"type": "WEB",
"url": "https://api.vfairs.com/v1/profiles?access_key="
},
{
"type": "WEB",
"url": "https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack"
},
{
"type": "WEB",
"url": "http://vfairs.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8XJV-X6F3-C657
Vulnerability from github – Published: 2025-03-03 15:31 – Updated: 2026-06-02 09:36Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.
{
"affected": [],
"aliases": [
"CVE-2024-8261"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T15:15:15Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.",
"id": "GHSA-8xjv-x6f3-c657",
"modified": "2026-06-02T09:36:14Z",
"published": "2025-03-03T15:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8261"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0049"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-25-0049"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.