CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2024-28098 (GCVE-0-2024-28098)
Vulnerability from cvelistv5 – Published: 2024-03-12 18:15 – Updated: 2025-02-13 17:47
VLAI
Title
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Summary
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.
This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0.
2.10 Apache Pulsar users should upgrade to at least 2.10.6.
2.11 Apache Pulsar users should upgrade to at least 2.11.4.
3.0 Apache Pulsar users should upgrade to at least 3.0.3.
3.1 Apache Pulsar users should upgrade to at least 3.1.3.
3.2 Apache Pulsar users should upgrade to at least 3.2.1.
Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.
Severity
6.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/3m6923y3wxpdcs934… | mailing-list |
| https://pulsar.apache.org/security/CVE-2024-28098/ | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/0… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Pulsar |
Affected:
2.7.1 , < 2.10.6
(semver)
Affected: 2.11.0 , < 2.11.4 (semver) Affected: 3.0.0 , < 3.0.3 (semver) Affected: 3.1.0 , < 3.1.3 (semver) Affected: 3.2.0 , < 3.2.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T18:37:12.167881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:35.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:48.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pulsar.apache.org/security/CVE-2024-28098/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Pulsar",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.10.6",
"status": "affected",
"version": "2.7.1",
"versionType": "semver"
},
{
"lessThan": "2.11.4",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.2.1",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \u003cbr\u003e\u003cbr\u003e2.10 Apache Pulsar users should upgrade to at least 2.10.6.\u003cbr\u003e2.11 Apache Pulsar users should upgrade to at least 2.11.4.\u003cbr\u003e3.0 Apache Pulsar users should upgrade to at least 3.0.3.\u003cbr\u003e3.1 Apache Pulsar users should upgrade to at least 3.1.3.\u003cbr\u003e3.2 Apache Pulsar users should upgrade to at least 3.2.1.\u003cbr\u003e\u003cbr\u003eUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\u003cbr\u003e"
}
],
"value": "The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.\n\nThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Apache Pulsar users should upgrade to at least 2.10.6.\n2.11 Apache Pulsar users should upgrade to at least 2.11.4.\n3.0 Apache Pulsar users should upgrade to at least 3.0.3.\n3.1 Apache Pulsar users should upgrade to at least 3.1.3.\n3.2 Apache Pulsar users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:06:43.771Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://pulsar.apache.org/security/CVE-2024-28098/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/12"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Pulsar: Improper Authorization For Topic-Level Policy Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-28098",
"datePublished": "2024-03-12T18:15:39.848Z",
"dateReserved": "2024-03-04T08:43:49.387Z",
"dateUpdated": "2025-02-13T17:47:15.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28148 (GCVE-0-2024-28148)
Vulnerability from cvelistv5 – Published: 2024-05-07 13:33 – Updated: 2024-08-02 00:48
VLAI
Title
Apache Superset: Incorrect datasource authorization on explore REST API
Summary
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.
Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/n27wlbd05oc6bgjh2… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
0 , < 3.1.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:25:54.631377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:19.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Pedro Vaz Gaspar"
},
{
"lang": "en",
"type": "finder",
"value": "Krishna Nadh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.\u003c/span\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Apache Superset: before 3.1.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.\u003c/p\u003e"
}
],
"value": "An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-08T08:31:49.341Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Superset: Incorrect datasource authorization on explore REST API ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-28148",
"datePublished": "2024-05-07T13:33:42.137Z",
"dateReserved": "2024-03-05T16:22:48.531Z",
"dateUpdated": "2024-08-02T00:48:49.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29834 (GCVE-0-2024-29834)
Vulnerability from cvelistv5 – Published: 2024-04-02 19:24 – Updated: 2025-02-13 17:47
VLAI
Title
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Summary
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.
This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1.
3.0 Apache Pulsar users should upgrade to at least 3.0.4.
3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2.
Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.
Severity
6.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://pulsar.apache.org/security/CVE-2024-29834/ | vendor-advisory |
| https://lists.apache.org/thread/v0ltl94k9lg28qfr1… | mailing-list |
| http://www.openwall.com/lists/oss-security/2024/04/02/2 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Pulsar |
Affected:
2.7.1 , ≤ 2.10.6
(semver)
Affected: 2.11.0 , ≤ 2.11.4 (semver) Affected: 3.0.0 , < 3.0.4 (semver) Affected: 3.1.0 , ≤ 3.1.3 (semver) Affected: 3.2.0 , < 3.2.2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:57.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pulsar.apache.org/security/CVE-2024-29834/"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/v0ltl94k9lg28qfr1f54hpkvvsjc5bj5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/02/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:59:54.857505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:33:25.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Pulsar",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.10.6",
"status": "affected",
"version": "2.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.11.4",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "3.0.4",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cdiv\u003e\u003cdiv\u003eThis vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.\u003c/div\u003e\u003c/div\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. \u003cbr\u003e\u003cbr\u003e3.0 Apache Pulsar users should upgrade to at least 3.0.4.\u003cbr\u003e3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2.\u003cbr\u003e\u003cbr\u003eUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions."
}
],
"value": "This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.\n\nThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. \n\n3.0 Apache Pulsar users should upgrade to at least 3.0.4.\n3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:06:33.488Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pulsar.apache.org/security/CVE-2024-29834/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/v0ltl94k9lg28qfr1f54hpkvvsjc5bj5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/02/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29834",
"datePublished": "2024-04-02T19:24:46.473Z",
"dateReserved": "2024-03-20T16:45:27.305Z",
"dateUpdated": "2025-02-13T17:47:43.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29892 (GCVE-0-2024-29892)
Vulnerability from cvelistv5 – Published: 2024-03-27 19:59 – Updated: 2024-08-13 14:07
VLAI
Title
ZITADEL's actions can overload reserved claims
Summary
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.
Severity
6.1 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/zitadel/zitadel/security/advis… | x_refsource_CONFIRM |
| https://github.com/zitadel/zitadel/releases/tag/v… | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v… | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v2.44.7 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v2.45.5 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v2.46.5 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v2.47.8 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v2.48.3 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.46.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.5"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zitadel",
"vendor": "zitadel",
"versions": [
{
"lessThan": "2.42.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.43.11",
"status": "affected",
"version": "2.43.0",
"versionType": "custom"
},
{
"lessThan": "2.44.7",
"status": "affected",
"version": "2.44.0",
"versionType": "custom"
},
{
"lessThan": "2.45.5",
"status": "affected",
"version": "2.45.0",
"versionType": "custom"
},
{
"lessThan": "2.46.5",
"status": "affected",
"version": "2.46.0",
"versionType": "custom"
},
{
"lessThan": "2.47.8",
"status": "affected",
"version": "2.47.0",
"versionType": "custom"
},
{
"lessThan": "2.48.3",
"status": "affected",
"version": "2.48.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:21:49.100701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:07:12.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zitadel",
"vendor": "zitadel",
"versions": [
{
"status": "affected",
"version": "\u003c 2.42.17"
},
{
"status": "affected",
"version": "\u003e= 2.43.0, \u003c 2.43.11"
},
{
"status": "affected",
"version": "\u003e= 2.44.0, \u003c 2.44.7"
},
{
"status": "affected",
"version": "\u003e= 2.45.0, \u003c 2.45.5"
},
{
"status": "affected",
"version": "\u003e= 2.46.0, \u003c 2.46.5"
},
{
"status": "affected",
"version": "\u003e= 2.47.0, \u003c 2.47.8"
},
{
"status": "affected",
"version": "\u003e= 2.48.0, \u003c 2.48.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T19:59:24.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.42.17"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.43.11"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.44.7"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.5"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.46.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.5"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.8"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.48.3"
}
],
"source": {
"advisory": "GHSA-gp8g-f42f-95q2",
"discovery": "UNKNOWN"
},
"title": "ZITADEL\u0027s actions can overload reserved claims"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29892",
"datePublished": "2024-03-27T19:59:24.734Z",
"dateReserved": "2024-03-21T15:12:08.998Z",
"dateUpdated": "2024-08-13T14:07:12.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3033 (GCVE-0-2024-3033)
Vulnerability from cvelistv5 – Published: 2024-06-06 17:32 – Updated: 2024-11-03 18:27
VLAI
Title
Improper Authorization in mintplex-labs/anything-llm
Summary
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names.
Severity
9.1 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mintplex-labs | mintplex-labs/anything-llm |
Affected:
unspecified , < 1.0.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anythingllm",
"vendor": "mintplexlabs",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3033",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:39:19.817781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:41:42.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/8a98a0b4-7886-41c5-8624-fc5c21972e5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mintplex-labs/anything-llm",
"vendor": "mintplex-labs",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the \u0027/api/v/\u0027 endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-03T18:27:21.567Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/8a98a0b4-7886-41c5-8624-fc5c21972e5a"
},
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a"
}
],
"source": {
"advisory": "8a98a0b4-7886-41c5-8624-fc5c21972e5a",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in mintplex-labs/anything-llm"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-3033",
"datePublished": "2024-06-06T17:32:35.718Z",
"dateReserved": "2024-03-27T20:19:05.762Z",
"dateUpdated": "2024-11-03T18:27:21.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31409 (GCVE-0-2024-31409)
Vulnerability from cvelistv5 – Published: 2024-05-15 20:00 – Updated: 2025-08-07 18:26
VLAI
Title
CyberPower PowerPanel business Incorrect Authorization
Summary
Certain MQTT wildcards are not blocked on the
CyberPower PowerPanel
system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
Severity
6.5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel business |
Affected:
0 , < 4.9.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerpanel_business",
"vendor": "cyberpower",
"versions": [
{
"lessThan": "4.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T18:48:30.373199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:52.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPanel business",
"vendor": "CyberPower",
"versions": [
{
"lessThan": "4.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\nCertain MQTT wildcards are not blocked on the \nCyberPower PowerPanel\n\nsystem, which might result in an attacker obtaining data from throughout the system after gaining access to any device.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Certain MQTT wildcards are not blocked on the \nCyberPower PowerPanel\n\nsystem, which might result in an attacker obtaining data from throughout the system after gaining access to any device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T18:26:54.578Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\"\u003ehttps://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"source": {
"advisory": "ICSA-24-123-01",
"discovery": "EXTERNAL"
},
"title": "CyberPower PowerPanel business Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-31409",
"datePublished": "2024-05-15T20:00:22.532Z",
"dateReserved": "2024-04-29T16:47:22.337Z",
"dateUpdated": "2025-08-07T18:26:54.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31441 (GCVE-0-2024-31441)
Vulnerability from cvelistv5 – Published: 2024-05-10 14:43 – Updated: 2024-08-02 01:52
VLAI
Title
Arbitrary File Reading in DataEase
Summary
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19.
Severity
7.5 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dataease/dataease/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataease_project:dataease:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataease",
"vendor": "dataease_project",
"versions": [
{
"lessThan": "1.18.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31441",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T12:42:05.759062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:03.004Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dataease",
"vendor": "dataease",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-10T14:43:23.863Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-7wg6-p5wh"
}
],
"source": {
"advisory": "GHSA-h7hj-7wg6-p5wh",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Reading in DataEase"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31441",
"datePublished": "2024-05-10T14:43:23.863Z",
"dateReserved": "2024-04-03T17:55:32.644Z",
"dateUpdated": "2024-08-02T01:52:56.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31452 (GCVE-0-2024-31452)
Vulnerability from cvelistv5 – Published: 2024-04-16 21:40 – Updated: 2024-08-02 01:52
VLAI
Title
OpenFGA Authorization Bypass
Summary
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3.
Severity
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openfga/openfga/security/advis… | x_refsource_CONFIRM |
| https://github.com/openfga/openfga/commit/b6a6d99… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openfga:openfga:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "openfga",
"vendor": "openfga",
"versions": [
{
"lessThan": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T15:44:01.928284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:01.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r"
},
{
"name": "https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openfga",
"vendor": "openfga",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.0, \u003c 1.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T21:40:58.856Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r"
},
{
"name": "https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2"
}
],
"source": {
"advisory": "GHSA-8cph-m685-6v6r",
"discovery": "UNKNOWN"
},
"title": "OpenFGA Authorization Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31452",
"datePublished": "2024-04-16T21:40:58.856Z",
"dateReserved": "2024-04-03T17:55:32.646Z",
"dateUpdated": "2024-08-02T01:52:56.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31990 (GCVE-0-2024-31990)
Vulnerability from cvelistv5 – Published: 2024-04-15 19:52 – Updated: 2024-08-02 01:59
VLAI
Title
Argo CD' API server does not enforce project sourceNamespaces
Summary
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.
Severity
4.8 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/argoproj/argo-cd/security/advi… | x_refsource_CONFIRM |
| https://github.com/argoproj/argo-cd/commit/c51410… | x_refsource_MISC |
| https://github.com/argoproj/argo-cd/commit/c5a252… | x_refsource_MISC |
| https://github.com/argoproj/argo-cd/commit/e0ff56… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:argo-cd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "argo-cd",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:46:24.506220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:59.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "argo-cd",
"vendor": "argoproj",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.7"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.12"
},
{
"status": "affected",
"version": "\u003e= 2.4.0, \u003c 2.8.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T19:52:55.718Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5"
},
{
"name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17"
}
],
"source": {
"advisory": "GHSA-2gvw-w6fj-7m3c",
"discovery": "UNKNOWN"
},
"title": "Argo CD\u0027 API server does not enforce project sourceNamespaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31990",
"datePublished": "2024-04-15T19:52:55.718Z",
"dateReserved": "2024-04-08T13:48:37.491Z",
"dateUpdated": "2024-08-02T01:59:50.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32470 (GCVE-0-2024-32470)
Vulnerability from cvelistv5 – Published: 2024-04-18 15:05 – Updated: 2024-08-02 02:13
VLAI
Title
Tolgee' API keys created by server admin users bypass the permission check
Summary
Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.
Severity
6.5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tolgee/tolgee-platform/securit… | x_refsource_CONFIRM |
| https://github.com/tolgee/tolgee-platform/securit… | x_refsource_MISC |
| https://github.com/tolgee/tolgee-platform/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tolgee | tolgee-platform |
Affected:
>= 3.57.2, < 3.57.4
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tolgee:tolgee:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tolgee",
"vendor": "tolgee",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T00:20:13.964082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:17.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw"
},
{
"name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc"
},
{
"name": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tolgee-platform",
"vendor": "tolgee",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.57.2, \u003c 3.57.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T15:05:26.408Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw"
},
{
"name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc"
},
{
"name": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234"
}
],
"source": {
"advisory": "GHSA-pm57-hcm8-38gw",
"discovery": "UNKNOWN"
},
"title": "Tolgee\u0027 API keys created by server admin users bypass the permission check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32470",
"datePublished": "2024-04-18T15:05:26.408Z",
"dateReserved": "2024-04-12T19:41:51.167Z",
"dateUpdated": "2024-08-02T02:13:39.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.