CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2023-25548 (GCVE-0-2023-25548)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:32 – Updated: 2025-03-03 19:17
VLAI
Summary
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device
credentials on specific DCE endpoints not being properly secured when a hacker is using a low
privileged user.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Severity
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | StruxureWare Data Center Expert |
Affected:
All , ≤ V7.9.2
(custom)
|
Date Public
2023-02-14 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:05:12.580316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:17:53.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "StruxureWare Data Center Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "V7.9.2",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\u003c/p\u003e"
}
],
"value": "\nA CWE-863: Incorrect Authorization vulnerability exists that could allow access to device\ncredentials on specific DCE endpoints not being properly secured when a hacker is using a low\nprivileged user. \n\n Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:32:42.718Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-045-02.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-25548",
"datePublished": "2023-04-18T20:32:42.718Z",
"dateReserved": "2023-02-07T17:00:03.777Z",
"dateUpdated": "2025-03-03T19:17:53.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2576 (GCVE-0-2023-2576)
Vulnerability from cvelistv5 – Published: 2023-07-13 02:08 – Updated: 2024-10-30 19:24
VLAI
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/410123 | issue-tracking |
| https://hackerone.com/reports/1898054 | technical-descriptionexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #410123",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410123"
},
{
"name": "HackerOne Bug Bounty Report #1898054",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/1898054"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2576",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:24:28.022972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:24:40.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "15.11.10",
"status": "affected",
"version": "13.7",
"versionType": "semver"
},
{
"lessThan": "16.0.6",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "16.1.1",
"status": "affected",
"version": "16.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [inspector-ambitious](https://hackerone.com/inspector-ambitious) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T06:23:10.718Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #410123",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/410123"
},
{
"name": "HackerOne Bug Bounty Report #1898054",
"tags": [
"technical-description",
"exploit"
],
"url": "https://hackerone.com/reports/1898054"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 15.11.10, 16.0.6, 16.1.1 or above."
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-2576",
"datePublished": "2023-07-13T02:08:59.291Z",
"dateReserved": "2023-05-08T11:23:53.074Z",
"dateUpdated": "2024-10-30T19:24:40.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25923 (GCVE-0-2023-25923)
Vulnerability from cvelistv5 – Published: 2023-03-21 15:07 – Updated: 2025-02-26 16:46
VLAI
Title
IBM Security Key Lifecycle Manager denial of service
Summary
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6962729 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Key Lifecycle Manager |
Affected:
3.0, 3.0.1, 4.0, 4.1, 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6962729"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247629"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:46:41.612545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:46:51.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Key Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0, 3.0.1, 4.0, 4.1, 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629."
}
],
"value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T15:07:53.940Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6962729"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247629"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Key Lifecycle Manager denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-25923",
"datePublished": "2023-03-21T15:07:53.940Z",
"dateReserved": "2023-02-16T16:39:45.212Z",
"dateUpdated": "2025-02-26T16:46:51.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25924 (GCVE-0-2023-25924)
Vulnerability from cvelistv5 – Published: 2023-03-21 14:53 – Updated: 2025-02-26 16:48
VLAI
Title
IBM Security Key Lifecycle Manager improper authorization
Summary
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.
Severity
5.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6962729 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security Key Lifecycle Manager |
Affected:
3.0, 3.0.1, 4.0, 4.1 , 4.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6962729"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247630"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:48:08.214652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:48:20.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Key Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0, 3.0.1, 4.0, 4.1 , 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630."
}
],
"value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T04:39:15.803Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6962729"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247630"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Key Lifecycle Manager improper authorization",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-25924",
"datePublished": "2023-03-21T14:53:38.493Z",
"dateReserved": "2023-02-16T16:39:45.212Z",
"dateUpdated": "2025-02-26T16:48:20.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26056 (GCVE-0-2023-26056)
Vulnerability from cvelistv5 – Published: 2023-03-02 18:44 – Updated: 2025-03-05 20:40
VLAI
Title
XWiki Platform allows macro execution as any user without programming rights through the context macro
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.
Severity
5.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/4b… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/bd… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/dd… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19856 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 3.0-milestone-1, < 13.10.10
Affected: >= 14.0-rc-1, < 14.4.5 Affected: >= 14.5, < 14.8-rc-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-19856",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-19856"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T20:39:49.723789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T20:40:21.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0-milestone-1, \u003c 13.10.10"
},
{
"status": "affected",
"version": "\u003e= 14.0-rc-1, \u003c 14.4.5"
},
{
"status": "affected",
"version": "\u003e= 14.5, \u003c 14.8-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it\u0027s possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T18:44:00.363Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-19856",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-19856"
}
],
"source": {
"advisory": "GHSA-859x-p6jp-rc2w",
"discovery": "UNKNOWN"
},
"title": "XWiki Platform allows macro execution as any user without programming rights through the context macro"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26056",
"datePublished": "2023-03-02T18:44:00.363Z",
"dateReserved": "2023-02-17T22:44:03.151Z",
"dateUpdated": "2025-03-05T20:40:21.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2640 (GCVE-0-2023-2640)
Vulnerability from cvelistv5 – Published: 2023-07-26 01:59 – Updated: 2024-10-23 14:59
VLAI
Summary
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Severity
7.8 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ubuntu.com/security/notices/USN-6250-1 | vendor-advisory |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
| https://wiz.io/blog/ubuntu-overlayfs-vulnerability | technical-description |
| https://lists.ubuntu.com/archives/kernel-team/202… | mailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | Ubuntu Kernel |
Unaffected:
0 , < 6.2.0-26.26
(semver)
Unaffected: 0 , < 6.0.0-1020.20 (semver) Unaffected: 0 , < 5.4.0-155.172 (semver) |
Date Public
2023-06-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6250-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubantu_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubantu_kernel",
"vendor": "canonical",
"versions": [
{
"lessThan": "6.2.0-26.26",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.0.0-1020.20",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.4.0-155.172",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:57:20.015297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:59:17.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Linux",
"platforms": [
"Linux"
],
"product": "Ubuntu Kernel",
"vendor": "Canonical",
"versions": [
{
"lessThan": "6.2.0-26.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.0.0-1020.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.4.0-155.172",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stonejiajia"
},
{
"lang": "en",
"type": "finder",
"value": "Shir Tamari"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
}
],
"datePublic": "2023-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Ubuntu kernels carrying both c914c0e27eb0 and \"UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs\", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T01:59:23.543Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6250-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640"
},
{
"tags": [
"technical-description"
],
"url": "https://wiz.io/blog/ubuntu-overlayfs-vulnerability"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html"
}
],
"workarounds": [
{
"lang": "en",
"value": "If not needed, disable the ability for unprivileged users\nto create namespaces. To do this temporarily, do:\n sudo sysctl -w kernel.unprivileged_userns_clone=0\nTo disable across reboots, do:\n echo kernel.unprivileged_userns_clone=0 | \\\n sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-2640",
"datePublished": "2023-07-26T01:59:23.543Z",
"dateReserved": "2023-05-10T21:23:35.226Z",
"dateUpdated": "2024-10-23T14:59:17.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26484 (GCVE-0-2023-26484)
Vulnerability from cvelistv5 – Published: 2023-03-15 20:40 – Updated: 2025-02-25 14:56
VLAI
Title
On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs
Summary
KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node.
Severity
8.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kubevirt/kubevirt/security/adv… | x_refsource_CONFIRM |
| https://github.com/kubevirt/kubevirt/issues/9109 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-cp96-jpmq-xrr2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-cp96-jpmq-xrr2"
},
{
"name": "https://github.com/kubevirt/kubevirt/issues/9109",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubevirt/kubevirt/issues/9109"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:18.833407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:56:59.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kubevirt",
"vendor": "kubevirt",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.59.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T20:40:17.424Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-cp96-jpmq-xrr2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-cp96-jpmq-xrr2"
},
{
"name": "https://github.com/kubevirt/kubevirt/issues/9109",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubevirt/kubevirt/issues/9109"
}
],
"source": {
"advisory": "GHSA-cp96-jpmq-xrr2",
"discovery": "UNKNOWN"
},
"title": "On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26484",
"datePublished": "2023-03-15T20:40:17.424Z",
"dateReserved": "2023-02-23T23:22:58.575Z",
"dateUpdated": "2025-02-25T14:56:59.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27485 (GCVE-0-2023-27485)
Vulnerability from cvelistv5 – Published: 2023-03-07 18:26 – Updated: 2025-02-25 15:00
VLAI
Title
Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core
Summary
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/thm-mni-ii/feedbacksystem/secu… | x_refsource_CONFIRM |
| https://github.com/thm-mni-ii/feedbacksystem/comm… | x_refsource_MISC |
| https://github.com/thm-mni-ii/feedbacksystem/rele… | x_refsource_MISC |
| https://thm-mni-ii.github.io/feedbacksystem/api-d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thm-mni-ii | feedbacksystem |
Affected:
< 1.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr"
},
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493"
},
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3"
},
{
"name": "https://thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:07.491629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:00:16.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "feedbacksystem",
"vendor": "thm-mni-ii",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T18:26:11.365Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr"
},
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493"
},
{
"name": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3"
},
{
"name": "https://thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults",
"tags": [
"x_refsource_MISC"
],
"url": "https://thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults"
}
],
"source": {
"advisory": "GHSA-fhq8-p3w6-mmgr",
"discovery": "UNKNOWN"
},
"title": "Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27485",
"datePublished": "2023-03-07T18:26:11.365Z",
"dateReserved": "2023-03-01T19:03:56.633Z",
"dateUpdated": "2025-02-25T15:00:16.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27486 (GCVE-0-2023-27486)
Vulnerability from cvelistv5 – Published: 2023-03-08 18:53 – Updated: 2025-02-25 14:59
VLAI
Title
Insufficient authorization validation between zones when xCAT zones are enabled
Summary
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.
Severity
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/xcat2/xcat-core/security/advis… | x_refsource_CONFIRM |
| https://github.com/xcat2/xcat-core/issues/7246 | x_refsource_MISC |
| https://github.com/xcat2/xcat-core/pull/7247 | x_refsource_MISC |
| https://github.com/xcat2/xcat-core/pull/7247/comm… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv"
},
{
"name": "https://github.com/xcat2/xcat-core/issues/7246",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xcat2/xcat-core/issues/7246"
},
{
"name": "https://github.com/xcat2/xcat-core/pull/7247",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xcat2/xcat-core/pull/7247"
},
{
"name": "https://github.com/xcat2/xcat-core/pull/7247/commits/85149c37f49dbca7bd85f1f586960315604fc024",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xcat2/xcat-core/pull/7247/commits/85149c37f49dbca7bd85f1f586960315604fc024"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:44.673725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:59:46.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xcat-core",
"vendor": "xcat2",
"versions": [
{
"status": "affected",
"version": "\u003c 2.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-08T18:53:41.030Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv"
},
{
"name": "https://github.com/xcat2/xcat-core/issues/7246",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xcat2/xcat-core/issues/7246"
},
{
"name": "https://github.com/xcat2/xcat-core/pull/7247",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xcat2/xcat-core/pull/7247"
},
{
"name": "https://github.com/xcat2/xcat-core/pull/7247/commits/85149c37f49dbca7bd85f1f586960315604fc024",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xcat2/xcat-core/pull/7247/commits/85149c37f49dbca7bd85f1f586960315604fc024"
}
],
"source": {
"advisory": "GHSA-hpxg-7428-6jvv",
"discovery": "UNKNOWN"
},
"title": "Insufficient authorization validation between zones when xCAT zones are enabled"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27486",
"datePublished": "2023-03-08T18:53:41.030Z",
"dateReserved": "2023-03-01T19:03:56.633Z",
"dateUpdated": "2025-02-25T14:59:46.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27523 (GCVE-0-2023-27523)
Vulnerability from cvelistv5 – Published: 2023-09-06 12:55 – Updated: 2024-09-26 15:24
VLAI
Title
Apache Superset: Improper data permission validation on Jinja templated queries
Summary
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
Severity
5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/3y97nmwm956b6zg3l… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
0 , ≤ 2.1.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:49:47.172075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:24:13.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jingjing Hu"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper data authorization check on Jinja templated queries in Apache Superset\u0026nbsp;up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper data authorization check on Jinja templated queries in Apache Superset\u00a0up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T12:55:31.286Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Superset: Improper data permission validation on Jinja templated queries",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-27523",
"datePublished": "2023-09-06T12:55:31.286Z",
"dateReserved": "2023-03-02T12:54:40.810Z",
"dateUpdated": "2024-09-26T15:24:13.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.