CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5550 vulnerabilities reference this CWE, most recent first.
GHSA-QQ36-2M78-GHVJ
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
{
"affected": [],
"aliases": [
"CVE-2021-21484"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-09T15:15:00Z",
"severity": "CRITICAL"
},
"details": "LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.",
"id": "GHSA-qq36-2m78-ghvj",
"modified": "2022-05-24T17:44:00Z",
"published": "2022-05-24T17:44:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21484"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3017378"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QQ38-MXPQ-RRPJ
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-12-28 23:44GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to another user or group.
GitLab Authentication Plugin 1.6 performs user name and group name authorization checks using the appropriate GitLab APIs.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:gitlab-oauth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-2228"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-28T23:44:46Z",
"nvd_published_at": "2020-07-15T18:15:00Z",
"severity": "HIGH"
},
"details": "GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to another user or group.\n\nGitLab Authentication Plugin 1.6 performs user name and group name authorization checks using the appropriate GitLab APIs.",
"id": "GHSA-qq38-mxpq-rrpj",
"modified": "2022-12-28T23:44:46Z",
"published": "2022-05-24T17:23:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2228"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/gitlab-oauth-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin"
}
GHSA-QQ53-28V3-C4VM
Vulnerability from github – Published: 2024-02-16 21:31 – Updated: 2024-11-04 21:30In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-0017"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-16T20:15:47Z",
"severity": "MODERATE"
},
"details": "In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-qq53-28v3-c4vm",
"modified": "2024-11-04T21:30:25Z",
"published": "2024-02-16T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0017"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-01-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQ8Q-67X7-25JM
Vulnerability from github – Published: 2023-05-15 12:30 – Updated: 2026-06-01 15:30Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
{
"affected": [],
"aliases": [
"CVE-2023-23446"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-15T11:15:09Z",
"severity": "HIGH"
},
"details": "Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.",
"id": "GHSA-qq8q-67x7-25jm",
"modified": "2026-06-01T15:30:31Z",
"published": "2023-05-15T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23446"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQCV-FJFG-8RP6
Vulnerability from github – Published: 2026-06-17 21:34 – Updated: 2026-06-17 21:34Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
{
"affected": [],
"aliases": [
"CVE-2026-10741"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T20:16:48Z",
"severity": "MODERATE"
},
"details": "Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.",
"id": "GHSA-qqcv-fjfg-8rp6",
"modified": "2026-06-17T21:34:38Z",
"published": "2026-06-17T21:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10741"
},
{
"type": "WEB",
"url": "https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html"
},
{
"type": "WEB",
"url": "https://support.sonatype.com/hc/en-us/articles/52341191736851"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QQG7-GCXW-GMJ3
Vulnerability from github – Published: 2022-05-17 03:57 – Updated: 2025-04-14 20:50The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ranger:ranger"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-5167"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-14T20:50:41Z",
"nvd_published_at": "2016-04-12T14:59:00Z",
"severity": "MODERATE"
},
"details": "The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.",
"id": "GHSA-qqg7-gcxw-gmj3",
"modified": "2025-04-14T20:50:42Z",
"published": "2022-05-17T03:57:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5167"
},
{
"type": "WEB",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/ranger"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel%40apache.org%3E"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel@apache.org%3E"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200501000000*/http://www.securityfocus.com/bid/82871"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Ranger allows users to bypass intended access restrictions via the REST API"
}
GHSA-QQHH-VFCP-578H
Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2022-07-13 00:01antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2021-46371"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-14T16:15:00Z",
"severity": "HIGH"
},
"details": "antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.",
"id": "GHSA-qqhh-vfcp-578h",
"modified": "2022-07-13T00:01:51Z",
"published": "2022-02-15T00:02:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46371"
},
{
"type": "WEB",
"url": "https://github.com/zuiidea/antd-admin/issues/1127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQMV-5P3G-PX89
Vulnerability from github – Published: 2026-04-04 06:11 – Updated: 2026-04-07 14:20Summary
Directus' TUS resumable upload endpoint (/files/tus) allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only collection-level authorization checks, verifying the user has some permission on directus_files, but never validates item-level access to the specific file being replaced. As a result, row-level permission rules (e.g., "users can only update their own files") are completely bypassed via the TUS path while being correctly enforced on the standard REST upload path.
Impact
- Arbitrary file overwrite: Any authenticated user with basic TUS upload permissions can overwrite any file in
directus_filesby UUID, regardless of row-level permission rules. - Permanent data loss: The victim file's original stored bytes are deleted from storage and replaced with attacker-controlled content.
- Metadata corruption: The victim file's database record is updated with the attacker's filename, type, and size metadata.
Privilege escalation potential: If admin-owned files (e.g., application assets, templates) are stored in
directus_files, a low-privilege user could replace them with malicious content.
Workaround
Disable TUS uploads by setting TUS_ENABLED=false if resumable uploads are not required.
Credit
This vulnerability was discovered and reported by bugbunny.ai.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "directus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.16.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35412"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-04T06:11:18Z",
"nvd_published_at": "2026-04-06T22:16:22Z",
"severity": "HIGH"
},
"details": "## Summary\n\nDirectus\u0027 TUS resumable upload endpoint (`/files/tus`) allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only collection-level authorization checks, verifying the user has some permission on `directus_files`, but never validates item-level access to the specific file being replaced. As a result, row-level permission rules (e.g., \"users can only update their own files\") are completely bypassed via the TUS path while being correctly enforced on the standard REST upload path.\n\n## Impact\n\n- **Arbitrary file overwrite:** Any authenticated user with basic TUS upload permissions can overwrite any file in `directus_files` by UUID, regardless of row-level permission rules.\n- **Permanent data loss:** The victim file\u0027s original stored bytes are deleted from storage and replaced with attacker-controlled content.\n- **Metadata corruption:** The victim file\u0027s database record is updated with the attacker\u0027s filename, type, and size metadata.\nPrivilege escalation potential: If admin-owned files (e.g., application assets, templates) are stored in `directus_files`, a low-privilege user could replace them with malicious content.\n\n## Workaround\n\nDisable TUS uploads by setting `TUS_ENABLED=false` if resumable uploads are not required.\n\n## Credit\n\nThis vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).",
"id": "GHSA-qqmv-5p3g-px89",
"modified": "2026-04-07T14:20:12Z",
"published": "2026-04-04T06:11:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/directus/directus/security/advisories/GHSA-qqmv-5p3g-px89"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35412"
},
{
"type": "PACKAGE",
"url": "https://github.com/directus/directus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Directus: TUS Upload Authorization Bypass Allows Arbitrary File Overwrite"
}
GHSA-QR5P-M4C8-89VQ
Vulnerability from github – Published: 2024-08-19 18:32 – Updated: 2024-08-19 18:32Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.
{
"affected": [],
"aliases": [
"CVE-2024-43250"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-19T18:15:11Z",
"severity": "HIGH"
},
"details": "Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.",
"id": "GHSA-qr5p-m4c8-89vq",
"modified": "2024-08-19T18:32:09Z",
"published": "2024-08-19T18:32:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43250"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-plugin-settings-change-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QR6C-GP8P-XCWH
Vulnerability from github – Published: 2024-11-15 18:30 – Updated: 2024-12-03 18:31The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization.
{
"affected": [],
"aliases": [
"CVE-2024-50647"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T16:15:36Z",
"severity": "HIGH"
},
"details": "The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization.",
"id": "GHSA-qr6c-gp8p-xcwh",
"modified": "2024-12-03T18:31:02Z",
"published": "2024-11-15T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50647"
},
{
"type": "WEB",
"url": "https://github.com/Yllxx03/CVE/blob/main/python_food_Information_Disclosure.md"
},
{
"type": "WEB",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.