CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2023-38493 (GCVE-0-2023-38493)
Vulnerability from cvelistv5 – Published: 2023-07-25 20:51 – Updated: 2024-10-03 18:47
VLAI
Title
Paths contain matrix variables bypass decorators
Summary
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
Severity
7.5 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/line/armeria/security/advisori… | x_refsource_CONFIRM |
| https://github.com/line/armeria/commit/039db50bbf… | x_refsource_MISC |
| https://docs.spring.io/spring-framework/reference… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/line/armeria/security/advisories/GHSA-wvp2-9ppw-337j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/line/armeria/security/advisories/GHSA-wvp2-9ppw-337j"
},
{
"name": "https://github.com/line/armeria/commit/039db50bbfc88014ea8737fd1e1ddd6fd3fc4f07",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/line/armeria/commit/039db50bbfc88014ea8737fd1e1ddd6fd3fc4f07"
},
{
"name": "https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/matrix-variables.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/matrix-variables.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "armeria",
"vendor": "linecorp",
"versions": [
{
"lessThan": "1.24.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:46:47.972990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:47:47.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "armeria",
"vendor": "line",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T20:51:11.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/line/armeria/security/advisories/GHSA-wvp2-9ppw-337j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/line/armeria/security/advisories/GHSA-wvp2-9ppw-337j"
},
{
"name": "https://github.com/line/armeria/commit/039db50bbfc88014ea8737fd1e1ddd6fd3fc4f07",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/line/armeria/commit/039db50bbfc88014ea8737fd1e1ddd6fd3fc4f07"
},
{
"name": "https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/matrix-variables.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/matrix-variables.html"
}
],
"source": {
"advisory": "GHSA-wvp2-9ppw-337j",
"discovery": "UNKNOWN"
},
"title": "Paths contain matrix variables bypass decorators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38493",
"datePublished": "2023-07-25T20:51:11.170Z",
"dateReserved": "2023-07-18T16:28:12.076Z",
"dateUpdated": "2024-10-03T18:47:47.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3920 (GCVE-0-2023-3920)
Vulnerability from cvelistv5 – Published: 2023-09-29 06:02 – Updated: 2026-04-25 04:05
VLAI
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/417481 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2058121 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T18:28:54.700432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:29:02.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #417481",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417481"
},
{
"name": "HackerOne Bug Bounty Report #2058121",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2058121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.8",
"status": "affected",
"version": "11.2",
"versionType": "semver"
},
{
"lessThan": "16.3.5",
"status": "affected",
"version": "16.3",
"versionType": "semver"
},
{
"lessThan": "16.4.1",
"status": "affected",
"version": "16.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T04:05:14.315Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #417481",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417481"
},
{
"name": "HackerOne Bug Bounty Report #2058121",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2058121"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.1, 16.3.5, 16.2.8"
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3920",
"datePublished": "2023-09-29T06:02:31.303Z",
"dateReserved": "2023-07-25T10:30:33.135Z",
"dateUpdated": "2026-04-25T04:05:14.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39363 (GCVE-0-2023-39363)
Vulnerability from cvelistv5 – Published: 2023-08-07 18:40 – Updated: 2024-10-11 14:05
VLAI
Title
Vyper incorrectly allocated named re-entrancy locks
Summary
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advis… | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/pull/2439 | x_refsource_MISC |
| https://github.com/vyperlang/vyper/pull/2514 | x_refsource_MISC |
| https://hackmd.io/@LlamaRisk/BJzSKHNjn | x_refsource_MISC |
| https://hackmd.io/@vyperlang/HJUgNMhs2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38"
},
{
"name": "https://github.com/vyperlang/vyper/pull/2439",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/pull/2439"
},
{
"name": "https://github.com/vyperlang/vyper/pull/2514",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/pull/2514"
},
{
"name": "https://hackmd.io/@LlamaRisk/BJzSKHNjn",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackmd.io/@LlamaRisk/BJzSKHNjn"
},
{
"name": "https://hackmd.io/@vyperlang/HJUgNMhs2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackmd.io/@vyperlang/HJUgNMhs2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:06:38.040646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:06:48.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vyper",
"vendor": "vyperlang",
"versions": [
{
"status": "affected",
"version": "= 0.2.15"
},
{
"status": "affected",
"version": "= 0.2.16"
},
{
"status": "affected",
"version": "= 0.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:05:03.824Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38"
},
{
"name": "https://github.com/vyperlang/vyper/pull/2439",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vyperlang/vyper/pull/2439"
},
{
"name": "https://github.com/vyperlang/vyper/pull/2514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vyperlang/vyper/pull/2514"
},
{
"name": "https://hackmd.io/@LlamaRisk/BJzSKHNjn",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackmd.io/@LlamaRisk/BJzSKHNjn"
},
{
"name": "https://hackmd.io/@vyperlang/HJUgNMhs2",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackmd.io/@vyperlang/HJUgNMhs2"
}
],
"source": {
"advisory": "GHSA-5824-cm3x-3c38",
"discovery": "UNKNOWN"
},
"title": "Vyper incorrectly allocated named re-entrancy locks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39363",
"datePublished": "2023-08-07T18:40:25.615Z",
"dateReserved": "2023-07-28T13:26:46.480Z",
"dateUpdated": "2024-10-11T14:05:03.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3964 (GCVE-0-2023-3964)
Vulnerability from cvelistv5 – Published: 2023-12-01 07:02 – Updated: 2026-05-06 04:05
VLAI
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/419857 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2037316 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419857",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857"
},
{
"name": "HackerOne Bug Bounty Report #2037316",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2037316"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3964",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:22:14.694015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T02:22:32.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.4.3",
"status": "affected",
"version": "13.2",
"versionType": "semver"
},
{
"lessThan": "16.5.3",
"status": "affected",
"version": "16.5",
"versionType": "semver"
},
{
"lessThan": "16.6.1",
"status": "affected",
"version": "16.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T04:05:57.591Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419857",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419857"
},
{
"name": "HackerOne Bug Bounty Report #2037316",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2037316"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.3, 16.5.3, or 16.6.1"
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3964",
"datePublished": "2023-12-01T07:02:18.158Z",
"dateReserved": "2023-07-26T22:30:27.029Z",
"dateUpdated": "2026-05-06T04:05:57.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3979 (GCVE-0-2023-3979)
Vulnerability from cvelistv5 – Published: 2023-09-29 06:02 – Updated: 2026-05-08 04:06
VLAI
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/419972 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2082560 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T14:04:09.768079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T14:04:19.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #419972",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"
},
{
"name": "HackerOne Bug Bounty Report #2082560",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2082560"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.2.8",
"status": "affected",
"version": "10.6",
"versionType": "semver"
},
{
"lessThan": "16.3.5",
"status": "affected",
"version": "16.3",
"versionType": "semver"
},
{
"lessThan": "16.4.1",
"status": "affected",
"version": "16.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T04:06:39.092Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #419972",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972"
},
{
"name": "HackerOne Bug Bounty Report #2082560",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2082560"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 16.4.1, 16.3.5, 16.2.8"
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-3979",
"datePublished": "2023-09-29T06:02:06.310Z",
"dateReserved": "2023-07-27T18:01:01.568Z",
"dateUpdated": "2026-05-08T04:06:39.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39965 (GCVE-0-2023-39965)
Vulnerability from cvelistv5 – Published: 2023-08-10 17:42 – Updated: 2024-10-04 18:57
VLAI
Title
1Panel Unauthorized access in Backend
Summary
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
Severity
6.5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/1Panel-dev/1Panel/security/adv… | x_refsource_CONFIRM |
| https://github.com/1Panel-dev/1Panel/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 1Panel-dev | 1Panel |
Affected:
= 1.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555"
},
{
"name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "1panel",
"vendor": "fit2cloud",
"versions": [
{
"status": "affected",
"version": "1.4.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T18:15:39.961454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T18:57:04.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "1Panel",
"vendor": "1Panel-dev",
"versions": [
{
"status": "affected",
"version": "= 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T17:42:05.793Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555"
},
{
"name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"
}
],
"source": {
"advisory": "GHSA-85cf-gj29-f555",
"discovery": "UNKNOWN"
},
"title": "1Panel Unauthorized access in Backend"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39965",
"datePublished": "2023-08-10T17:42:05.793Z",
"dateReserved": "2023-08-07T16:27:27.076Z",
"dateUpdated": "2024-10-04T18:57:04.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40168 (GCVE-0-2023-40168)
Vulnerability from cvelistv5 – Published: 2023-08-17 19:05 – Updated: 2024-10-01 17:52
VLAI
Title
Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
Summary
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources.
Severity
7.4 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/TurboWarp/desktop/security/adv… | x_refsource_CONFIRM |
| https://github.com/TurboWarp/desktop/commit/55e07… | x_refsource_MISC |
| https://github.com/TurboWarp/desktop/commit/a62db… | x_refsource_MISC |
| https://github.com/TurboWarp/desktop/commit/f0f82… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T17:47:01.371744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T17:52:22.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desktop",
"vendor": "TurboWarp",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T19:05:18.113Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267"
},
{
"name": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f"
}
],
"source": {
"advisory": "GHSA-wg4p-vj7h-q82q",
"discovery": "UNKNOWN"
},
"title": "Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40168",
"datePublished": "2023-08-17T19:05:18.113Z",
"dateReserved": "2023-08-09T15:26:41.051Z",
"dateUpdated": "2024-10-01T17:52:22.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40309 (GCVE-0-2023-40309)
Vulnerability from cvelistv5 – Published: 2023-09-12 02:21 – Updated: 2024-09-28 22:10
VLAI
Title
Missing Authorization check in SAP CommonCryptoLib
Summary
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
Severity
9.8 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP CommonCryptoLib |
Affected:
8
|
|
| SAP_SE | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise |
Affected:
KERNEL 7.22
Affected: KERNEL 7.53 Affected: KERNEL 7.54 Affected: KERNEL 7.77 Affected: KERNEL 7.85 Affected: KERNEL 7.89 Affected: KERNEL 7.91 Affected: KERNEL 7.92 Affected: KERNEL 7.93 Affected: KERNEL 8.04 Affected: KERNEL64UC 7.22 Affected: KERNEL64UC 7.22EXT Affected: KERNEL64UC 7.53 Affected: KERNEL64UC 8.04 Affected: KERNEL64NUC 7.22 Affected: KERNEL64NUC 7.22EXT |
|
| SAP_SE | SAP Web Dispatcher |
Affected:
7.22EXT
Affected: 7.53 Affected: 7.54 Affected: 7.77 Affected: 7.85 Affected: 7.89 |
|
| SAP_SE | SAP Content Server |
Affected:
6.50
Affected: 7.53 Affected: 7.54 |
|
| SAP_SE | SAP HANA Database |
Affected:
2.00
|
|
| SAP_SE | SAP Host Agent |
Affected:
722
|
|
| SAP_SE | SAP Extended Application Services and Runtime (XSA) |
Affected:
SAP_EXTENDED_APP_SERVICES 1
Affected: XS_ADVANCED_RUNTIME 1.00 |
|
| SAP_SE | SAPSSOEXT |
Affected:
17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3340576"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:26:09.938156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:26:24.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CommonCryptoLib",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "8"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "KERNEL 7.53"
},
{
"status": "affected",
"version": "KERNEL 7.54"
},
{
"status": "affected",
"version": "KERNEL 7.77"
},
{
"status": "affected",
"version": "KERNEL 7.85"
},
{
"status": "affected",
"version": "KERNEL 7.89"
},
{
"status": "affected",
"version": "KERNEL 7.91"
},
{
"status": "affected",
"version": "KERNEL 7.92"
},
{
"status": "affected",
"version": "KERNEL 7.93"
},
{
"status": "affected",
"version": "KERNEL 8.04"
},
{
"status": "affected",
"version": "KERNEL64UC 7.22"
},
{
"status": "affected",
"version": "KERNEL64UC 7.22EXT"
},
{
"status": "affected",
"version": "KERNEL64UC 7.53"
},
{
"status": "affected",
"version": "KERNEL64UC 8.04"
},
{
"status": "affected",
"version": "KERNEL64NUC 7.22"
},
{
"status": "affected",
"version": "KERNEL64NUC 7.22EXT"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Web Dispatcher",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.54"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.89"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Content Server",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "6.50"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.54"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP HANA Database",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "2.00"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Host Agent",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "722"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Extended Application Services and Runtime (XSA)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_EXTENDED_APP_SERVICES 1"
},
{
"status": "affected",
"version": "XS_ADVANCED_RUNTIME 1.00"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAPSSOEXT",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.\u003c/p\u003e"
}
],
"value": "SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-28T22:10:46.845Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3340576"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP CommonCryptoLib",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-40309",
"datePublished": "2023-09-12T02:21:19.058Z",
"dateReserved": "2023-08-14T07:36:04.796Z",
"dateUpdated": "2024-09-28T22:10:46.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40610 (GCVE-0-2023-40610)
Vulnerability from cvelistv5 – Published: 2023-11-27 10:22 – Updated: 2025-06-03 13:59
VLAI
Title
Apache Superset: Privilege escalation with default examples database
Summary
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.
Severity
6.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
0 , < 2.1.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/27/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40610",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:59:25.937531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:59:39.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LEXFO for Orange Innovation and Orange CERT-CC at Orange group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authorization check and possible privilege escalation on Apache Superset\u0026nbsp;up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset\u0027s metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper authorization check and possible privilege escalation on Apache Superset\u00a0up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset\u0027s metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T16:49:59.636Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/27/2"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Superset: Privilege escalation with default examples database",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-40610",
"datePublished": "2023-11-27T10:22:41.083Z",
"dateReserved": "2023-08-17T12:56:13.976Z",
"dateUpdated": "2025-06-03T13:59:39.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40611 (GCVE-0-2023-40611)
Vulnerability from cvelistv5 – Published: 2023-09-12 11:05 – Updated: 2025-06-25 13:39
VLAI
Title
Apache Airflow Dag Runs Broken Access Control Vulnerability
Summary
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Affected:
0 , < 2.7.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/airflow/pull/33413"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-40611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T13:36:48.959564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T13:39:24.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.7.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "happyhacking"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows\u0026nbsp;authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u003cbr\u003e\u003cbr\u003eUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.\u003cbr\u003e"
}
],
"value": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows\u00a0authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-12T15:06:15.442Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/33413"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow Dag Runs Broken Access Control Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-40611",
"datePublished": "2023-09-12T11:05:22.841Z",
"dateReserved": "2023-08-17T14:01:13.240Z",
"dateUpdated": "2025-06-25T13:39:24.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.