Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5548 vulnerabilities reference this CWE, most recent first.

GHSA-QF5C-HFC7-449F

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-07-31 00:00
VLAI
Details

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.",
  "id": "GHSA-qf5c-hfc7-449f",
  "modified": "2022-07-31T00:00:57Z",
  "published": "2022-05-24T19:05:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25401"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF6R-242X-WPG6

Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-12-03 18:31
VLAI
Details

python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-15T16:15:36Z",
    "severity": "HIGH"
  },
  "details": "python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.",
  "id": "GHSA-qf6r-242x-wpg6",
  "modified": "2024-12-03T18:31:02Z",
  "published": "2024-11-15T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yllxx03/CVE/blob/main/python_book/BrokenAccessControl.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50650"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QF9V-6RQ4-3W87

Vulnerability from github – Published: 2025-12-03 18:30 – Updated: 2025-12-03 18:30
VLAI
Details

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-03T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk MCP Server app versions below 0.2.4, a user with access to the \"run_splunk_query\" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.",
  "id": "GHSA-qf9v-6rq4-3w87",
  "modified": "2025-12-03T18:30:25Z",
  "published": "2025-12-03T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20381"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFG5-F4WR-P29R

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-08-13 00:00
VLAI
Details

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-306",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-08T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.",
  "id": "GHSA-qfg5-f4wr-p29r",
  "modified": "2022-08-13T00:00:37Z",
  "published": "2022-05-24T19:17:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41568"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-5172-b012c-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFHG-M6R8-XXPJ

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-02-23 16:04
VLAI
Summary
Incorrect Authorization in Drupal core
Details

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.9.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.1.0"
            },
            {
              "fixed": "9.1.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.2.0"
            },
            {
              "fixed": "9.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-13676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-23T16:04:57Z",
    "nvd_published_at": "2022-02-11T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.",
  "id": "GHSA-qfhg-m6r8-xxpj",
  "modified": "2022-02-23T16:04:57Z",
  "published": "2022-02-12T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13676"
    },
    {
      "type": "WEB",
      "url": "https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drupal/core"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-core-2021-009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect Authorization in Drupal core"
}

GHSA-QFMJ-8V62-HH7X

Vulnerability from github – Published: 2025-03-05 21:32 – Updated: 2025-03-05 21:32
VLAI
Details

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-05T19:15:39Z",
    "severity": "HIGH"
  },
  "details": "Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the \u0027add in root\u0027 permission.",
  "id": "GHSA-qfmj-8v62-hh7x",
  "modified": "2025-03-05T21:32:13Z",
  "published": "2025-03-05T21:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2003"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2025-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFP8-HFQX-C79C

Vulnerability from github – Published: 2022-05-05 02:48 – Updated: 2024-11-26 16:56
VLAI
Summary
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
Details

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Nova"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.0.0a0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-0335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-09T16:15:03Z",
    "nvd_published_at": "2013-03-22T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.",
  "id": "GHSA-qfp8-hfqx-c79c",
  "modified": "2024-11-26T16:56:49Z",
  "published": "2022-05-05T02:48:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0335"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/nova/+bug/1125378"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/nova"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/22086"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/22758"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/22872"
    },
    {
      "type": "WEB",
      "url": "http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72"
    },
    {
      "type": "WEB",
      "url": "http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88"
    },
    {
      "type": "WEB",
      "url": "http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d"
    },
    {
      "type": "WEB",
      "url": "http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a"
    },
    {
      "type": "WEB",
      "url": "http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1771-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM"
}

GHSA-QFQQ-FMMM-P2R3

Vulnerability from github – Published: 2026-07-08 21:30 – Updated: 2026-07-08 21:30
VLAI
Details

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-08T21:16:46Z",
    "severity": "LOW"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.",
  "id": "GHSA-qfqq-fmmm-p2r3",
  "modified": "2026-07-08T21:30:30Z",
  "published": "2026-07-08T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13151"
    },
    {
      "type": "WEB",
      "url": "https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/598813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFQW-47F9-9JPP

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-19T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum\u0027s JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.",
  "id": "GHSA-qfqw-47f9-9jpp",
  "modified": "2022-05-13T01:01:37Z",
  "published": "2022-05-13T01:01:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12118"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102475"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFRH-P934-938F

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-24T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user\u0027s permissions before executing a file deletion command.",
  "id": "GHSA-qfrh-p934-938f",
  "modified": "2022-05-24T19:12:04Z",
  "published": "2022-05-24T19:12:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26040"
    },
    {
      "type": "WEB",
      "url": "https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.