Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5548 vulnerabilities reference this CWE, most recent first.

GHSA-Q5HH-5WXX-G45W

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-07-13 00:01
VLAI
Details

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920.",
  "id": "GHSA-q5hh-5wxx-g45w",
  "modified": "2022-07-13T00:01:05Z",
  "published": "2022-05-24T19:09:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20539"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198920"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6476940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5J2-4886-WVHF

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-15 00:00
VLAI
Details

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25405"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.",
  "id": "GHSA-q5j2-4886-wvhf",
  "modified": "2022-07-15T00:00:18Z",
  "published": "2022-05-24T19:05:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25405"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5Q9-2RHP-33QW

Vulnerability from github – Published: 2026-03-09 17:42 – Updated: 2026-03-09 17:42
VLAI
Summary
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Details

Impact

When graphQLPublicIntrospection is disabled, __type queries nested inside inline fragments (e.g. ... on Query { __type(name:"User") { name } }) bypass the introspection control, allowing unauthenticated users to perform type reconnaissance. __schema introspection is not affected.

Patches

The check was changed from a flat iteration over root-level selections to a recursive walk of all selection sets, detecting __type inside inline fragments at any depth.

Workarounds

Require master key authentication at the network layer (e.g. reverse proxy) for the GraphQL endpoint.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-q5q9-2rhp-33qw
  • Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.10
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.1-alpha.3"
            },
            {
              "fixed": "9.5.0-alpha.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-09T17:42:17Z",
    "nvd_published_at": "2026-03-07T17:15:52Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen `graphQLPublicIntrospection` is disabled, `__type` queries nested inside inline fragments (e.g. `... on Query { __type(name:\"User\") { name } })` bypass the introspection control, allowing unauthenticated users to perform type reconnaissance. `__schema` introspection is not affected.\n\n### Patches\n\nThe check was changed from a flat iteration over root-level selections to a recursive walk of all selection sets, detecting `__type` inside inline fragments at any depth.\n\n### Workarounds\n\nRequire master key authentication at the network layer (e.g. reverse proxy) for the GraphQL endpoint.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-q5q9-2rhp-33qw\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.5.0-alpha.10",
  "id": "GHSA-q5q9-2rhp-33qw",
  "modified": "2026-03-09T17:42:17Z",
  "published": "2026-03-09T17:42:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-q5q9-2rhp-33qw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30854"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled"
}

GHSA-Q5VH-6WHW-X745

Vulnerability from github – Published: 2021-08-13 20:16 – Updated: 2024-10-07 16:44
VLAI
Summary
Improper Authorization and Origin Validation Error in OneFuzz
Details

Impact

Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance.

To be vulnerable, a OneFuzz deployment must be: * Version 2.12.0 or greater * Deployed with the non-default --multi_tenant_domain option

This can result in read/write access to private data such as: * Software vulnerability and crash information * Security testing tools * Proprietary code and symbols

Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources.

Patches

This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's issuer against an administrator-configured allowlist.

Workarounds

Users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the --multi_tenant_domain option.

References

You can find an overview of the Microsoft Identity Platform here. This vulnerability applies to the multi-tenant application pattern, as described here.

For more information

If you have any questions or comments about this advisory: * Open an issue in OneFuzz * Email us at fuzzing@microsoft.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "onefuzz"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0"
            },
            {
              "fixed": "2.31.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-346",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-13T20:16:08Z",
    "nvd_published_at": "2021-08-13T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "## Impact\n\nStarting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance.\n\nTo be vulnerable, a OneFuzz deployment must be:\n* Version 2.12.0 or greater\n* Deployed with the non-default [`--multi_tenant_domain`](https://github.com/microsoft/onefuzz/blob/2.30.0/src/deployment/deploy.py#L1021) option\n\nThis can result in read/write access to private data such as:\n* Software vulnerability and crash information\n* Security testing tools\n* Proprietary code and symbols\n\nVia authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources.\n\n## Patches\n\nThis issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token\u0027s `issuer` against an administrator-configured allowlist.\n\n## Workarounds\n\nUsers can restrict access to the tenant of a deployed OneFuzz instance \u003c 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option.\n\n## References\n\nYou can find an overview of the Microsoft Identity Platform [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview).  This vulnerability applies to the multi-tenant application pattern, as described [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant).\n\n## For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [OneFuzz](https://github.com/microsoft/onefuzz)\n* Email us at [fuzzing@microsoft.com](mailto:fuzzing@microsoft.com)",
  "id": "GHSA-q5vh-6whw-x745",
  "modified": "2024-10-07T16:44:37Z",
  "published": "2021-08-13T20:16:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/onefuzz/security/advisories/GHSA-q5vh-6whw-x745"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37705"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/onefuzz/pull/1153"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/onefuzz/commit/2fcb4998887959b4fa11894a068d689189742cb1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/onefuzz"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/onefuzz/releases/tag/2.31.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/onefuzz/PYSEC-2021-344.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/onefuzz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Improper Authorization and Origin Validation Error in OneFuzz"
}

GHSA-Q5XQ-RVPH-WWGR

Vulnerability from github – Published: 2026-04-03 00:31 – Updated: 2026-04-03 00:31
VLAI
Details

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T00:16:05Z",
    "severity": "CRITICAL"
  },
  "details": "Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.",
  "id": "GHSA-q5xq-rvph-wwgr",
  "modified": "2026-04-03T00:31:09Z",
  "published": "2026-04-03T00:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33105"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q623-F4J4-P4XJ

Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-07-02 17:44
VLAI
Summary
OpenStack Keystone has an Incorrect Authorization issue
Details

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.0"
            },
            {
              "fixed": "27.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "28.0.0"
            },
            {
              "fixed": "28.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "29.0.0"
            },
            {
              "fixed": "29.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T17:44:16Z",
    "nvd_published_at": "2026-05-28T19:16:37Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim\u0027s identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim\u0027s actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim\u0027s admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim\u0027s identity.",
  "id": "GHSA-q623-f4j4-p4xj",
  "modified": "2026-07-02T17:44:16Z",
  "published": "2026-05-28T21:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43000"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-43000"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/keystone/+bug/2148477"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482826"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/keystone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-601.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43000.json"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2026-015.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Keystone has an Incorrect Authorization issue"
}

GHSA-Q64V-P3VV-M993

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-01-31 15:30
VLAI
Details

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11724"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-23T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox \u003c 68.",
  "id": "GHSA-q64v-p3vv-m993",
  "modified": "2023-01-31T15:30:33Z",
  "published": "2022-05-24T16:51:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11724"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1512511"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-12"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2019-21"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q67Q-RG47-HFHR

Vulnerability from github – Published: 2024-10-01 03:30 – Updated: 2024-10-01 03:30
VLAI
Details

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-01T02:15:10Z",
    "severity": "HIGH"
  },
  "details": "RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client\u0027s local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.",
  "id": "GHSA-q67q-rg47-hfhr",
  "modified": "2024-10-01T03:30:33Z",
  "published": "2024-10-01T03:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47560"
    },
    {
      "type": "WEB",
      "url": "https://jscom.jp/news-20240918"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN39280069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6HG-6M9X-5G9C

Vulnerability from github – Published: 2024-07-10 14:19 – Updated: 2024-07-10 14:19
VLAI
Summary
Evmos vulnerable to exploit of smart contract account and vesting
Details

Summary

This advisory board aims to describe two vulnerabilities found in the Evmos codebase:

  • Authorization check on the fundVestingAccount: unauthorized spend of funds.

Details

Authorization check on the fundVestingAccount

With the current implementation, a user can create a vesting account with a 3rd party account (EOA or contract) as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization checked in the code. But the funds are taken from the funder address provided in the message. Consequently, the user can fund a vesting account with a 3rd party account without its permission. The funder address can be any address, so this vulnerability can be used to drain all the accounts in the chain.

Severity

Based on ImmuneFi Severity Classification System the severity was evaluated to Critical since the attack could have lead to direct loss of funds.

Patches

The issue has been patched in versions >=V19.0.0

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 18.0.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/evmos/evmos/v18"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "19.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-10T14:19:51Z",
    "nvd_published_at": "2024-07-05T19:15:10Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThis advisory board aims to describe two vulnerabilities found in the Evmos codebase:\n\n- _Authorization check on the fundVestingAccount_: unauthorized spend of funds.\n\n### Details\n\n#### Authorization check on the fundVestingAccount\n\nWith the current implementation, a user can create a vesting account with a 3rd party account (EOA or contract) as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization checked in the code. But the funds are taken from the funder address provided in the message. Consequently, the user can fund a vesting account with a 3rd party account without its permission. The funder address can be any address, so this vulnerability can be used to drain all the accounts in the chain.\n\n### Severity\nBased on [ImmuneFi Severity Classification System](https://immunefisupport.zendesk.com/hc/en-us/articles/13332717597585-Severity-Classification-System) the severity was evaluated to Critical since the attack could have lead to direct loss of funds.\n\n### Patches\nThe issue has been patched in versions \u003e=V19.0.0",
  "id": "GHSA-q6hg-6m9x-5g9c",
  "modified": "2024-07-10T14:19:51Z",
  "published": "2024-07-10T14:19:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/evmos/evmos/security/advisories/GHSA-q6hg-6m9x-5g9c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39696"
    },
    {
      "type": "WEB",
      "url": "https://github.com/evmos/evmos/commit/0a620e176617a835ac697eea494afea09185dfaf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/evmos/evmos"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Evmos vulnerable to exploit of smart contract account and vesting"
}

GHSA-Q6MV-M62H-7Q28

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:35
VLAI
Details

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-07T06:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.",
  "id": "GHSA-q6mv-m62h-7q28",
  "modified": "2024-04-04T01:35:09Z",
  "published": "2022-05-24T16:52:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1912"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RTL83xx-Stack-Overflow.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.