Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3255 vulnerabilities reference this CWE, most recent first.

GHSA-C739-F6XW-6PV2

Vulnerability from github – Published: 2026-05-19 12:31 – Updated: 2026-06-30 19:16
VLAI
Summary
Keycloak Protection API allows authenticated clients to access and modify resources owned by other Resource Servers
Details

Keycloak's Authorization Services feature exposes a User-Managed Access Protection API that include an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, an authenticated client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T19:16:10Z",
    "nvd_published_at": "2026-05-19T12:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Keycloak\u0027s Authorization Services feature exposes a User-Managed Access Protection API that include an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource\u0027s unique identifier (UUID) belonging to another Resource Server within the same realm, an authenticated client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.",
  "id": "GHSA-c739-f6xw-6pv2",
  "modified": "2026-06-30T19:16:10Z",
  "published": "2026-05-19T12:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4630"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/49115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/49121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/0cea089bd19f5061f5fd47099fd6fb41a17d8c55"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/1192267af8f16a7b722bdc2abbd3410c477388aa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/4e9b17cbedb828b4afc6b62399eee317d4735234"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19596"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19597"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4630"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450245"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak Protection API allows authenticated clients to access and modify resources owned by other Resource Servers"
}

GHSA-C73G-MX2W-CC93

Vulnerability from github – Published: 2025-11-09 21:30 – Updated: 2025-11-13 15:49
VLAI
Summary
EverShop is vulnerable to Unauthorized Order Information Access (IDOR)
Details

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@evershop/evershop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-12919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639",
      "CWE-99"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-13T15:49:51Z",
    "nvd_published_at": "2025-11-09T20:15:34Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-c73g-mx2w-cc93",
  "modified": "2025-11-13T15:49:51Z",
  "published": "2025-11-09T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12919"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/evershopcommerce/evershop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md#attack-steps"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.331639"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.331639"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.680788"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "EverShop is vulnerable to Unauthorized Order Information Access (IDOR)"
}

GHSA-C799-M99W-MPG7

Vulnerability from github – Published: 2025-12-03 06:31 – Updated: 2025-12-03 15:30
VLAI
Details

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-03T06:15:47Z",
    "severity": "LOW"
  },
  "details": "The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.",
  "id": "GHSA-c799-m99w-mpg7",
  "modified": "2025-12-03T15:30:28Z",
  "published": "2025-12-03T06:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12954"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/f15dd1ca-aa40-4d3b-9625-e3ace744374d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C7FM-JX59-WJF6

Vulnerability from github – Published: 2022-01-21 18:50 – Updated: 2022-01-20 16:14
VLAI
Summary
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Details

Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "remdex/livehelperchat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.92"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-20T16:14:41Z",
    "nvd_published_at": "2022-01-19T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.",
  "id": "GHSA-c7fm-jx59-wjf6",
  "modified": "2022-01-20T16:14:41Z",
  "published": "2022-01-21T18:50:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0266"
    },
    {
      "type": "WEB",
      "url": "https://github.com/livehelperchat/livehelperchat/commit/cc1122aed0d1ad9f05757eaea2ab9e6a924776bd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/livehelperchat/livehelperchat"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/1ac267be-3af8-4774-89f2-77234d144d6b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Authorization Bypass Through User-Controlled Key in LiveHelperChat"
}

GHSA-C7M9-R72H-M8V2

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2023-12-21 03:30
VLAI
Details

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44249"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T17:15:13Z",
    "severity": "MODERATE"
  },
  "details": "An authorization bypass through user-controlled key\u00a0[CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.",
  "id": "GHSA-c7m9-r72h-m8v2",
  "modified": "2023-12-21T03:30:33Z",
  "published": "2023-10-10T18:31:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44249"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C7R3-XX63-QF62

Vulnerability from github – Published: 2026-07-07 09:37 – Updated: 2026-07-07 09:37
VLAI
Details

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.

This issue affects Ontime: through 04052026.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-07T08:16:25Z",
    "severity": "HIGH"
  },
  "details": "Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.\n\nThis issue affects Ontime: through 04052026.",
  "id": "GHSA-c7r3-xx63-qf62",
  "modified": "2026-07-07T09:37:53Z",
  "published": "2026-07-07T09:37:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5730"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C7VR-VPM2-822G

Vulnerability from github – Published: 2025-02-19 09:33 – Updated: 2026-04-08 18:33
VLAI
Details

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-19T08:15:20Z",
    "severity": "MODERATE"
  },
  "details": "The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.",
  "id": "GHSA-c7vr-vpm2-822g",
  "modified": "2026-04-08T18:33:49Z",
  "published": "2025-02-19T09:33:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13719"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3244844%40pepro-ultimate-invoice\u0026new=3244844%40pepro-ultimate-invoice\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/pepro-ultimate-invoice"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46186f8d-e50c-476a-9480-b6121412474a?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C827-PF9P-24MM

Vulnerability from github – Published: 2026-01-16 12:30 – Updated: 2026-01-23 18:31
VLAI
Details

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-16T10:16:04Z",
    "severity": "HIGH"
  },
  "details": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the \u0027rcp_stripe_create_setup_intent_for_saved_card\u0027 function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.",
  "id": "GHSA-c827-pf9p-24mm",
  "modified": "2026-01-23T18:31:27Z",
  "published": "2026-01-16T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14844"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/639.html"
    },
    {
      "type": "WEB",
      "url": "https://docs.stripe.com/api/setup_intents/object"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L848"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L987"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3438168/restrict-content/tags/3.2.17/core/includes/gateways/stripe/functions.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c28545d-c7cd-469f-bccf-90e8b52fd4e7?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8G9-CM5M-77PX

Vulnerability from github – Published: 2026-06-20 03:32 – Updated: 2026-06-20 03:32
VLAI
Details

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoint to merge the victim's SSO identity into the attacker-controlled account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-20T01:16:16Z",
    "severity": "HIGH"
  },
  "details": "Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim\u0027s corporate SSO email, causing the provision-user endpoint to merge the victim\u0027s SSO identity into the attacker-controlled account.",
  "id": "GHSA-c8g9-cm5m-77px",
  "modified": "2026-06-20T03:32:30Z",
  "published": "2026-06-20T03:32:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-wqc6-fhwf-qpww"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56215"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/capgo-account-merge-via-poisoned-public-users-email-in-sso-provisioning"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C8HW-HM2H-46FP

Vulnerability from github – Published: 2026-07-17 06:30 – Updated: 2026-07-17 06:30
VLAI
Details

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheet_export_form_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate any Ninja Forms form ID and download all stored submission data — including names, email addresses, phone numbers, physical addresses, and any other PII collected by site forms — as a downloadable XLSX file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15159"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-17T04:16:50Z",
    "severity": "MODERATE"
  },
  "details": "The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the \u0027spreadsheet_export_form_id\u0027 parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate any Ninja Forms form ID and download all stored submission data \u2014 including names, email addresses, phone numbers, physical addresses, and any other PII collected by site forms \u2014 as a downloadable XLSX file.",
  "id": "GHSA-c8hw-hm2h-46fp",
  "modified": "2026-07-17T06:30:59Z",
  "published": "2026-07-17T06:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15159"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/ninja-forms-excel-export/trunk/ninja-forms-excel-export.php#L187"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/783ccf21-db16-4aac-9a3c-992b3aac5526?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.