CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5548 vulnerabilities reference this CWE, most recent first.
GHSA-Q24H-5RQ3-63J9
Vulnerability from github – Published: 2022-03-04 00:00 – Updated: 2022-03-10 21:57@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular name.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@uppy/companion"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0528"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-863",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-10T21:57:56Z",
"nvd_published_at": "2022-03-03T07:15:00Z",
"severity": "HIGH"
},
"details": "@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular name.",
"id": "GHSA-q24h-5rq3-63j9",
"modified": "2022-03-10T21:57:56Z",
"published": "2022-03-04T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0528"
},
{
"type": "WEB",
"url": "https://github.com/transloadit/uppy/commit/267c34045a1e62c98406d8c31261c604a11e544a"
},
{
"type": "PACKAGE",
"url": "https://github.com/transloadit/uppy"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/8b060cc3-2420-468e-8293-b9216620175b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Authorization in @uppy/companion"
}
GHSA-Q274-P5MX-FR2F
Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2025-05-05 18:31Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
{
"affected": [],
"aliases": [
"CVE-2021-0124"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "MODERATE"
},
"details": "Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.",
"id": "GHSA-q274-p5mx-fr2f",
"modified": "2025-05-05T18:31:19Z",
"published": "2022-02-11T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0124"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0007"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q297-5XX3-GW53
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed
{
"affected": [],
"aliases": [
"CVE-2021-22253"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-23T20:15:00Z",
"severity": "MODERATE"
},
"details": "Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed",
"id": "GHSA-q297-5xx3-gw53",
"modified": "2022-05-24T19:11:53Z",
"published": "2022-05-24T19:11:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22253"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1113783"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22253.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/323794"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q2PG-HWX8-X39W
Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2022-09-29 00:00smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information.
{
"affected": [],
"aliases": [
"CVE-2022-39030"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-28T04:15:00Z",
"severity": "HIGH"
},
"details": "smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information.",
"id": "GHSA-q2pg-hwx8-x39w",
"modified": "2022-09-29T00:00:27Z",
"published": "2022-09-29T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39030"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-6567-01fa3-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2Q3-6R63-6PC5
Vulnerability from github – Published: 2025-06-17 12:31 – Updated: 2025-06-17 12:31The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.
{
"affected": [],
"aliases": [
"CVE-2025-3880"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T12:15:25Z",
"severity": "MODERATE"
},
"details": "The Poll, Survey \u0026 Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.",
"id": "GHSA-q2q3-6r63-6pc5",
"modified": "2025-06-17T12:31:15Z",
"published": "2025-06-17T12:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3880"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/social-polls-by-opinionstage/trunk/plugin.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/social-polls-by-opinionstage/trunk/src/Modules/Admin.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3310848"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba86268a-7bd6-40ed-9af6-29409245675d?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2QC-744P-66R2
Vulnerability from github – Published: 2026-03-29 15:47 – Updated: 2026-03-29 15:47Summary
session_status sessionId resolution bypasses sandboxed session-tree visibility
Affected Packages / Versions
- Package:
openclaw - Affected versions:
>= 2026.3.11, <= 2026.3.24 - First patched version:
2026.3.25 - Latest published npm version at verification time:
2026.3.24
Details
session_status previously resolved a sessionId to a canonical session key after early visibility checks, letting sandboxed children reach parent or sibling sessions that were blocked by explicit sessionKey. Commit d9810811b6c3c9266d7580f00574e5e02f7663de enforces visibility after sessionId resolution so sandboxed callers cannot escape their session tree.
Verified vulnerable on tag v2026.3.24 and fixed on main by commit d9810811b6c3c9266d7580f00574e5e02f7663de.
Fix Commit(s)
d9810811b6c3c9266d7580f00574e5e02f7663de
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.24"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "2026.3.11"
},
{
"fixed": "2026.3.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-639",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:47:50Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\n`session_status` sessionId resolution bypasses sandboxed session-tree visibility\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `\u003e= 2026.3.11, \u003c= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\n`session_status` previously resolved a `sessionId` to a canonical session key after early visibility checks, letting sandboxed children reach parent or sibling sessions that were blocked by explicit `sessionKey`. Commit `d9810811b6c3c9266d7580f00574e5e02f7663de` enforces visibility after `sessionId` resolution so sandboxed callers cannot escape their session tree.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `d9810811b6c3c9266d7580f00574e5e02f7663de`.\n\n## Fix Commit(s)\n\n- `d9810811b6c3c9266d7580f00574e5e02f7663de`",
"id": "GHSA-q2qc-744p-66r2",
"modified": "2026-03-29T15:47:50Z",
"published": "2026-03-29T15:47:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility"
}
GHSA-Q346-MW87-VH24
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185
{
"affected": [],
"aliases": [
"CVE-2021-39753"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200035185",
"id": "GHSA-q346-mw87-vh24",
"modified": "2022-04-06T00:01:54Z",
"published": "2022-03-31T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39753"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q35X-JJJW-76GP
Vulnerability from github – Published: 2025-10-16 15:30 – Updated: 2025-10-16 15:30Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation.
Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.
{
"affected": [],
"aliases": [
"CVE-2025-10611"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-16T13:15:40Z",
"severity": "CRITICAL"
},
"details": "Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation.\n\nSuccessful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.",
"id": "GHSA-q35x-jjjw-76gp",
"modified": "2025-10-16T15:30:43Z",
"published": "2025-10-16T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10611"
},
{
"type": "WEB",
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4585"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q363-5CQV-4F8M
Vulnerability from github – Published: 2026-01-09 03:30 – Updated: 2026-01-09 03:30There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.
{
"affected": [],
"aliases": [
"CVE-2025-66315"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-09T03:15:47Z",
"severity": "MODERATE"
},
"details": "There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory.",
"id": "GHSA-q363-5cqv-4f8m",
"modified": "2026-01-09T03:30:17Z",
"published": "2026-01-09T03:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66315"
},
{
"type": "WEB",
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4891644183717871638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q36F-8454-R4H2
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
{
"affected": [],
"aliases": [
"CVE-2021-28544"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T18:15:00Z",
"severity": "MODERATE"
},
"details": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.",
"id": "GHSA-q36f-8454-r4h2",
"modified": "2022-04-21T00:00:51Z",
"published": "2022-04-13T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28544"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT"
},
{
"type": "WEB",
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213345"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.