Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5504 vulnerabilities reference this CWE, most recent first.

GHSA-JGQJ-5GGG-RGG4

Vulnerability from github – Published: 2026-03-29 15:30 – Updated: 2026-03-29 15:30
VLAI
Details

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-29T13:17:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.",
  "id": "GHSA-jgqj-5ggg-rgg4",
  "modified": "2026-03-29T15:30:19Z",
  "published": "2026-03-29T15:30:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf6w-m8jw-jfxc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32919"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-session-reset-via-agent-slash-commands"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JGQJ-HR6F-2P53

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-10-27 19:00
VLAI
Details

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked for the edit_posts capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-02T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Gutenberg Template Library \u0026 Redux Framework plugin \u003c= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the \u201credux/v1/templates/\u201d REST Route in \u201credux-templates/classes/class-api.php\u201d. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.",
  "id": "GHSA-jgqj-hr6f-2p53",
  "modified": "2022-10-27T19:00:39Z",
  "published": "2022-05-24T22:28:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38312"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGW5-RV3F-4326

Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00
VLAI
Details

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.",
  "id": "GHSA-jgw5-rv3f-4326",
  "modified": "2022-06-09T00:00:22Z",
  "published": "2022-05-27T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29633"
    },
    {
      "type": "WEB",
      "url": "https://github.com/awake1t/linglong"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGWH-R9RP-8372

Vulnerability from github – Published: 2023-08-09 21:30 – Updated: 2024-04-04 06:45
VLAI
Details

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-09T20:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.",
  "id": "GHSA-jgwh-r9rp-8372",
  "modified": "2024-04-04T06:45:49Z",
  "published": "2023-08-09T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33468"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
    },
    {
      "type": "WEB",
      "url": "http://kramerav.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH36-7VGG-MWM2

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-27T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.",
  "id": "GHSA-jh36-7vgg-mwm2",
  "modified": "2022-07-13T00:01:39Z",
  "published": "2022-05-24T19:15:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40104"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1102088"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHC8-V2X5-JVJ5

Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-06-27 03:30
VLAI
Details

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.

In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-12T08:15:50Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the \"forwardable\" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.\n\nIn FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.",
  "id": "GHSA-jhc8-v2x5-jvj5",
  "modified": "2024-06-27T03:30:55Z",
  "published": "2024-06-12T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2698"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3754"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3755"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3757"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3759"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2698"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270353"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI"
    },
    {
      "type": "WEB",
      "url": "https://www.freeipa.org/release-notes/4-12-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHCX-MW62-QXXM

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-17 06:30
VLAI
Details

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.",
  "id": "GHSA-jhcx-mw62-qxxm",
  "modified": "2022-11-17T06:30:20Z",
  "published": "2022-11-15T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42978"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHFM-VPJ4-VJ2F

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2023-06-27 21:30
VLAI
Details

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.",
  "id": "GHSA-jhfm-vpj4-vj2f",
  "modified": "2023-06-27T21:30:44Z",
  "published": "2022-02-11T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21825"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX338435"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHJC-78HV-55V9

Vulnerability from github – Published: 2023-02-09 21:30 – Updated: 2023-02-21 18:30
VLAI
Details

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-09T19:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.",
  "id": "GHSA-jhjc-78hv-55v9",
  "modified": "2023-02-21T18:30:25Z",
  "published": "2023-02-09T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21424"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHP7-5V8Q-5544

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2023-05-16 21:30
VLAI
Details

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager \u2013 SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager \u2013 SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).",
  "id": "GHSA-jhp7-5v8q-5544",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T22:28:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35526"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?utm_campaign=\u0026utm_content=2021.08_5051_Cybersecurity%20Advisory%3A\u0026utm_medium=email\u0026utm_source=Eloqua\u0026DocumentID=9AKK107992A4700\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c\u0026elq=1bda419954724e908db108def16646a5\u0026elqaid=3638\u0026elqat=1\u0026elqCampaignId="
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.