CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2024-37889 (GCVE-0-2024-37889)
Vulnerability from cvelistv5 – Published: 2024-06-14 19:12 – Updated: 2024-08-02 03:57
VLAI
Title
MyFinances Allows Unauthorized Access to Other Customer Data
Summary
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/TreyWW/MyFinances/security/adv… | x_refsource_CONFIRM |
| https://github.com/TreyWW/MyFinances/commit/2c1e6… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TreyWW | MyFinances |
Affected:
< 0.4.6
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:treyww:myfinances:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "myfinances",
"vendor": "treyww",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T22:01:42.829414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T22:03:37.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:40.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2"
},
{
"name": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MyFinances",
"vendor": "TreyWW",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T19:12:14.977Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2"
},
{
"name": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f"
}
],
"source": {
"advisory": "GHSA-4884-3gvp-3wj2",
"discovery": "UNKNOWN"
},
"title": "MyFinances Allows Unauthorized Access to Other Customer Data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37889",
"datePublished": "2024-06-14T19:12:14.977Z",
"dateReserved": "2024-06-10T19:54:41.360Z",
"dateUpdated": "2024-08-02T03:57:40.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38701 (GCVE-0-2024-38701)
Vulnerability from cvelistv5 – Published: 2024-07-22 10:14 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/aca… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Academy LMS | Academy LMS |
Affected:
n/a , ≤ 2.0.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kodezen:academy_lms:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "academy_lms",
"vendor": "kodezen",
"versions": [
{
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38701",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T13:20:57.738513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T13:44:14.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "academy",
"product": "Academy LMS",
"vendor": "Academy LMS",
"versions": [
{
"changes": [
{
"at": "2.0.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "filime (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.\u003cp\u003eThis issue affects Academy LMS: from n/a through 2.0.4.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:04.747Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.0.5 or a higher version."
}
],
"value": "Update to 2.0.5 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Academy LMS plugin \u003c= 2.0.4 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38701",
"datePublished": "2024-07-22T10:14:44.172Z",
"dateReserved": "2024-06-19T11:16:10.229Z",
"dateUpdated": "2026-04-28T16:10:04.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38827 (GCVE-0-2024-38827)
Vulnerability from cvelistv5 – Published: 2024-12-02 14:32 – Updated: 2025-01-24 20:03
VLAI
Title
Spring Security Authorization Bypass for Case Sensitive Comparisons
Summary
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
Severity
4.8 (Medium)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring by VMware Tanzu | Spring Security |
Affected:
5.7.0 - 5.7.13, 5.8.0 - 5.8.15, 6.0.0 - 6.0.13, 6.1.0 - 6.1.11, 6.2.0 - 6.2.7, 6.3.0 - 6.3.4, Older unsupported versions are also affected
|
Date Public
2024-11-19 14:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T15:27:02.642978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:27:27.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:06.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring by VMware Tanzu",
"versions": [
{
"status": "affected",
"version": "5.7.0 - 5.7.13, 5.8.0 - 5.8.15, 6.0.0 - 6.0.13, 6.1.0 - 6.1.11, 6.2.0 - 6.2.7, 6.3.0 - 6.3.4, Older unsupported versions are also affected"
}
]
}
],
"datePublic": "2024-11-19T14:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe usage of \u003c/span\u003e\u003ccode\u003eString.toLowerCase()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ccode\u003eString.toUpperCase()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;has some \u003c/span\u003e\u003ccode\u003eLocale\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;dependent exceptions that could potentially result in authorization rules not working properly.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The usage of String.toLowerCase()\u00a0and String.toUpperCase()\u00a0has some Locale\u00a0dependent exceptions that could potentially result in authorization rules not working properly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T14:32:12.471Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38827"
}
],
"source": {
"advisory": "cve-2024-38827",
"discovery": "UNKNOWN"
},
"title": "Spring Security Authorization Bypass for Case Sensitive Comparisons",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38827",
"datePublished": "2024-12-02T14:32:12.471Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2025-01-24T20:03:06.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39319 (GCVE-0-2024-39319)
Vulnerability from cvelistv5 – Published: 2024-09-26 16:07 – Updated: 2024-09-26 18:24
VLAI
Title
aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
Summary
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_CONFIRM |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
| https://github.com/aimeos/ai-controller-frontend/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aimeos | ai-controller-frontend |
Affected:
= 2024.04.1
Affected: >= 2023.04.1, < 2023.10.9 Affected: >= 2022.04.1, < 2022.10.8 Affected: >= 2021.04.1, < 2021.10.8 Affected: < 2020.10.15 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ai-controller-frontend",
"vendor": "aimeos_project",
"versions": [
{
"status": "affected",
"version": "2024.04.1"
},
{
"lessThan": "2023.10.9",
"status": "affected",
"version": "2023.04.1",
"versionType": "custom"
},
{
"lessThan": "2022.10.8",
"status": "affected",
"version": "2022.04.1",
"versionType": "custom"
},
{
"lessThan": "2021.10.8",
"status": "affected",
"version": "2021.04.1",
"versionType": "custom"
},
{
"lessThan": "2020.10.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:55:58.738464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:24:00.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ai-controller-frontend",
"vendor": "aimeos",
"versions": [
{
"status": "affected",
"version": "= 2024.04.1"
},
{
"status": "affected",
"version": "\u003e= 2023.04.1, \u003c 2023.10.9"
},
{
"status": "affected",
"version": "\u003e= 2022.04.1, \u003c 2022.10.8"
},
{
"status": "affected",
"version": "\u003e= 2021.04.1, \u003c 2021.10.8"
},
{
"status": "affected",
"version": "\u003c 2020.10.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:07:01.482Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb"
},
{
"name": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85"
}
],
"source": {
"advisory": "GHSA-rw3j-574h-mrcq",
"discovery": "UNKNOWN"
},
"title": "aimeos/ai-controller-frontend has IDOR vulnerability in account profile page"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39319",
"datePublished": "2024-09-26T16:07:01.482Z",
"dateReserved": "2024-06-21T18:15:22.262Z",
"dateUpdated": "2024-09-26T18:24:00.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39321 (GCVE-0-2024-39321)
Vulnerability from cvelistv5 – Published: 2024-07-05 17:32 – Updated: 2024-08-02 04:19
VLAI
Title
Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
Summary
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
Severity
7.5 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advis… | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/releases/tag/v2.11.6 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.0.4 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T20:07:02.660742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:07:14.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.6"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.0.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.4"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.6"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-beta3, \u003c 3.0.4"
},
{
"status": "affected",
"version": "\u003e= 3.1.0-rc1, \u003c 3.1.0-rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:32:06.688Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.6"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.4"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3"
}
],
"source": {
"advisory": "GHSA-gxrv-wf35-62w9",
"discovery": "UNKNOWN"
},
"title": "Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39321",
"datePublished": "2024-07-05T17:32:06.688Z",
"dateReserved": "2024-06-21T18:15:22.263Z",
"dateUpdated": "2024-08-02T04:19:20.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39642 (GCVE-0-2024-39642)
Vulnerability from cvelistv5 – Published: 2024-08-13 10:47 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/lea… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ThimPress | LearnPress |
Affected:
n/a , ≤ 4.2.6.8.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T15:53:21.835684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T15:53:36.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "learnpress",
"product": "LearnPress",
"vendor": "ThimPress",
"versions": [
{
"changes": [
{
"at": "4.2.6.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.6.8.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects LearnPress: from n/a through 4.2.6.8.2.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:07.667Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-2-6-8-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.2.6.9 or a higher version."
}
],
"value": "Update to 4.2.6.9 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress LearnPress plugin \u003c= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-39642",
"datePublished": "2024-08-13T10:47:20.445Z",
"dateReserved": "2024-06-26T21:18:49.917Z",
"dateUpdated": "2026-04-28T16:10:07.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39897 (GCVE-0-2024-39897)
Vulnerability from cvelistv5 – Published: 2024-07-09 18:48 – Updated: 2024-08-02 04:33
VLAI
Title
Cache driver GetBlob() allows read access to any blob without access control check
Summary
zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob (that they do not have read access to), they may maliciously read it via a second repository they do have read access to.
This attack is possible because [`ImageStore.CheckBlob()` calls `checkCacheBlob()`](https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob a global cache by searching for the digest. If it is found, it is copied to the user requested repository with `copyBlob()`. The attack may be mitigated by configuring "dedupe": false in the "storage" settings. The vulnerability is fixed in 2.1.0.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/project-zot/zot/security/advis… | x_refsource_CONFIRM |
| https://github.com/project-zot/zot/commit/aaee022… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| project-zot | zot |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:35:45.771671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:35:52.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r"
},
{
"name": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zot",
"vendor": "project-zot",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob (that they do not have read access to), they may maliciously read it via a second repository they do have read access to. \n This attack is possible because [`ImageStore.CheckBlob()` calls `checkCacheBlob()`](https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob a global cache by searching for the digest. If it is found, it is copied to the user requested repository with `copyBlob()`. The attack may be mitigated by configuring \"dedupe\": false in the \"storage\" settings. The vulnerability is fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T18:48:24.335Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r"
},
{
"name": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df"
}
],
"source": {
"advisory": "GHSA-55r9-5mx9-qq7r",
"discovery": "UNKNOWN"
},
"title": "Cache driver GetBlob() allows read access to any blob without access control check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39897",
"datePublished": "2024-07-09T18:48:24.335Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39900 (GCVE-0-2024-39900)
Vulnerability from cvelistv5 – Published: 2024-07-09 21:17 – Updated: 2024-08-02 04:33
VLAI
Title
OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
Summary
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
Severity
5.4 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opensearch-project/reporting/s… | x_refsource_CONFIRM |
| https://github.com/opensearch-project/reporting/c… | x_refsource_MISC |
| https://opensearch.org/versions/opensearch-2-14-0.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opensearch-project | reporting |
Affected:
< 2.14.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T16:28:44.073264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:49:15.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q"
},
{
"name": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reporting",
"vendor": "opensearch-project",
"versions": [
{
"status": "affected",
"version": "\u003c 2.14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T21:17:21.652Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q"
},
{
"name": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"source": {
"advisory": "GHSA-xmvg-335g-x44q",
"discovery": "UNKNOWN"
},
"title": "OpenSearch Dashboards Reports does not properly restrict access to private tenant resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39900",
"datePublished": "2024-07-09T21:17:21.652Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39901 (GCVE-0-2024-39901)
Vulnerability from cvelistv5 – Published: 2024-07-09 21:14 – Updated: 2024-08-02 04:33
VLAI
Title
OpenSearch Observability does not properly restrict access to private tenant resources
Summary
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
Severity
4.2 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opensearch-project/observabili… | x_refsource_CONFIRM |
| https://github.com/opensearch-project/observabili… | x_refsource_MISC |
| https://opensearch.org/versions/opensearch-2-14-0.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opensearch-project | observability |
Affected:
< 2.14.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T14:06:06.262219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T14:08:16.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33"
},
{
"name": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "observability",
"vendor": "opensearch-project",
"versions": [
{
"status": "affected",
"version": "\u003c 2.14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:01:08.334Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opensearch-project/observability/security/advisories/GHSA-77vc-rj32-2r33"
},
{
"name": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/observability/commit/014423178f8f61d90442dde03cbdcd754c70a84e"
},
{
"name": "https://opensearch.org/versions/opensearch-2-14-0.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://opensearch.org/versions/opensearch-2-14-0.html"
}
],
"source": {
"advisory": "GHSA-77vc-rj32-2r33",
"discovery": "UNKNOWN"
},
"title": "OpenSearch Observability does not properly restrict access to private tenant resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39901",
"datePublished": "2024-07-09T21:14:28.777Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4151 (GCVE-0-2024-4151)
Vulnerability from cvelistv5 – Published: 2024-05-20 14:14 – Updated: 2025-01-31 11:05
VLAI
Title
Improper Access Control in lunary-ai/lunary
Summary
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.
Severity
8.3 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| lunary-ai | lunary-ai/lunary |
Affected:
unspecified , < 1.2.25
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:51:24.858142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:09.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lunary-ai/lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.2.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T11:05:21.243Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01"
},
{
"url": "https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf"
}
],
"source": {
"advisory": "4acfef85-dedf-43bd-8438-0d8aaa4ffa01",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in lunary-ai/lunary"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4151",
"datePublished": "2024-05-20T14:14:53.399Z",
"dateReserved": "2024-04-24T21:48:24.330Z",
"dateUpdated": "2025-01-31T11:05:21.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Phase: Architecture and Design
Description:
- Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.