
3 vulnerabilities found for vulnerability-lookup by vulnerability-lookup

GCVE-1-2026-0014

Vulnerability from gna-1 – Published: 2026-02-04 19:32 – Updated: 2026-02-04 19:32
Title
Missing Authorization Check Allows Unauthorized Modification of Vulnerability Disclosure Reports
Summary
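A missing authorization check in the /disclosure/edit/<id> POST endpoint allows authenticated users to modify vulnerability disclosure reports submitted by other users. The endpoint did not verify that the authenticated user was the original reporter of the disclosure, resulting in an improper authorization vulnerability. An attacker with a valid account could exploit this issue to edit arbitrary vulnerability disclosure reports by submitting crafted requests. The issue was resolved by enforcing authentication and validating ownership of the disclosure before permitting modifications. Note that the record below classifies the issue as CWE-287 (Improper Authentication) and scores it with PR:N, whereas the flaw described here is a missing ownership check that requires a valid account, which is closer to a missing-authorization weakness such as CWE-862; the classification fields should be read with that in mind.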
CWE
  • CWE-287 - Improper Authentication
Credits
nyanbinary <@nyanbinary@infosec.exchange> (finder); Cedric Bonhomme (remediation developer); Claude Sonnet 4.5 <noreply@anthropic.com> (other)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vulnerability-lookup",
          "vendor": "vulnerability-lookup",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "nyanbinary \u003c@nyanbinary@infosec.exchange\u003e"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Cedric Bonhomme"
        },
        {
          "lang": "en",
          "type": "other",
          "value": "Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A missing authorization check in the \u003ccode\u003e/disclosure/edit/\u0026lt;id\u0026gt;\u003c/code\u003e POST endpoint allows authenticated users to modify vulnerability disclosure reports submitted by other users. The endpoint did not verify that the authenticated user was the original reporter of the disclosure, resulting in an improper authorization vulnerability. An attacker with a valid account could exploit this issue to edit arbitrary vulnerability disclosure reports by submitting crafted requests. The issue was resolved by enforcing authentication and validating ownership of the disclosure before permitting modifications.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "A missing authorization check in the /disclosure/edit/\u003cid\u003e POST endpoint allows authenticated users to modify vulnerability disclosure reports submitted by other users. The endpoint did not verify that the authenticated user was the original reporter of the disclosure, resulting in an improper authorization vulnerability. An attacker with a valid account could exploit this issue to edit arbitrary vulnerability disclosure reports by submitting crafted requests. The issue was resolved by enforcing authentication and validating ownership of the disclosure before permitting modifications."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/1771b42ac05a833e2bf1d7743c6ad3d7e0d12920"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization Check Allows Unauthorized Modification of Vulnerability Disclosure Reports",
      "x_gcve": [
        {
          "recordType": "advisory",
          "vulnId": "gcve-1-2026-0014"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "datePublished": "2026-02-04T19:32:14.341383Z",
    "dateUpdated": "2026-02-04T19:32:14.341383Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "gcve-1-2026-0014",
    "vulnerabilitylookup_history": [
      [
        "alexandre.dulaunoy@circl.lu",
        "2026-02-04T19:32:14.341383Z"
      ]
    ]
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GCVE-1-2026-0013

Vulnerability from gna-1 – Published: 2026-02-04 19:27 – Updated: 2026-02-04 19:32
Title
Flask Application Username Route Collision Allows Reserved Path Registration
Summary
A route collision vulnerability exists in a Flask-based web application where parameterized user profile routes (e.g., /user/<login>) coexist with fixed functional routes under the same prefix (e.g., /user/profile, /user/bundles). Due to Flask’s route resolution behavior, attackers could register accounts using usernames matching reserved route paths. By registering such usernames, an attacker could render their profile inaccessible and potentially mask or interfere with legitimate application endpoints, leading to denial of access to functionality and confusion in routing behavior. The vulnerability stems from insufficient validation of usernames during account creation and profile updates. It is mitigated by introducing a case-insensitive reserved username list corresponding to existing /user/ routes and enforcing validation at the form and model layers to prevent registration or use of these reserved identifiers.
CWE
  • CWE-20 - Improper Input Validation
Credits
nyanbinary <@nyanbinary@infosec.exchange> (finder); Cedric Bonhomme (remediation developer); Claude Sonnet 4.5 <noreply@anthropic.com> (other)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vulnerability-lookup",
          "vendor": "vulnerability-lookup",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "nyanbinary \u003c@nyanbinary@infosec.exchange\u003e"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Cedric Bonhomme"
        },
        {
          "lang": "en",
          "type": "other",
          "value": "Claude Sonnet 4.5 \u003cnoreply@anthropic.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA route collision vulnerability exists in a Flask-based web application where parameterized user profile routes (e.g., \u003ccode\u003e/user/\u0026lt;login\u0026gt;\u003c/code\u003e) coexist with fixed functional routes under the same prefix (e.g., \u003ccode\u003e/user/profile\u003c/code\u003e, \u003ccode\u003e/user/bundles\u003c/code\u003e). Due to Flask\u2019s route resolution behavior, attackers could register accounts using usernames matching reserved route paths.\u003c/p\u003e\n\u003cp\u003eBy registering such usernames, an attacker could render their profile inaccessible and potentially mask or interfere with legitimate application endpoints, leading to denial of access to functionality and confusion in routing behavior.\u003c/p\u003e\n\u003cp\u003eThe vulnerability stems from insufficient validation of usernames during account creation and profile updates. It is mitigated by introducing a case-insensitive reserved username list corresponding to existing \u003ccode\u003e/user/\u003c/code\u003e routes and enforcing validation at the form and model layers to prevent registration or use of these reserved identifiers.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "A route collision vulnerability exists in a Flask-based web application where parameterized user profile routes (e.g., /user/\u003clogin\u003e) coexist with fixed functional routes under the same prefix (e.g., /user/profile, /user/bundles). Due to Flask\u2019s route resolution behavior, attackers could register accounts using usernames matching reserved route paths.\n\n\nBy registering such usernames, an attacker could render their profile inaccessible and potentially mask or interfere with legitimate application endpoints, leading to denial of access to functionality and confusion in routing behavior.\n\n\nThe vulnerability stems from insufficient validation of usernames during account creation and profile updates. It is mitigated by introducing a case-insensitive reserved username list corresponding to existing /user/ routes and enforcing validation at the form and model layers to prevent registration or use of these reserved identifiers."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ec4c3e70f03e5e711856cf3863c596fab2b707ad"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Flask Application Username Route Collision Allows Reserved Path Registration",
      "x_gcve": [
        {
          "recordType": "advisory",
          "vulnId": "gcve-1-2026-0013"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "datePublished": "2026-02-04T19:27:00.000Z",
    "dateUpdated": "2026-02-04T19:32:49.787763Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "gcve-1-2026-0013",
    "vulnerabilitylookup_history": [
      [
        "alexandre.dulaunoy@circl.lu",
        "2026-02-04T19:27:11.142905Z"
      ],
      [
        "alexandre.dulaunoy@circl.lu",
        "2026-02-04T19:32:49.787763Z"
      ]
    ]
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GCVE-1-2026-0012

Vulnerability from gna-1 – Published: 2026-02-04 19:21 – Updated: 2026-02-04 19:21
Title
Authentication Error Message Allows Email Address Enumeration
Summary
A user enumeration vulnerability was identified in the authentication logic of the application. When an invalid login was supplied, the system performed an additional check to determine whether the input matched an existing email address and returned a specific error message if so. This behavior allowed unauthenticated attackers to infer whether a given email address was registered, enabling email address enumeration. The issue has been mitigated by removing the email-based check and returning a generic authentication failure message.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Credits
nyanbinary <@nyanbinary@infosec.exchange> (finder); Cedric Bonhomme (remediation developer)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vulnerability-lookup",
          "vendor": "vulnerability-lookup",
          "versions": [
            {
              "lessThanOrEqual": "3.0",
              "status": "affected"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "nyanbinary \u003c@nyanbinary@infosec.exchange\u003e"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Cedric Bonhomme"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A user enumeration vulnerability was identified in the authentication logic of the application. When an invalid login was supplied, the system performed an additional check to determine whether the input matched an existing email address and returned a specific error message if so. This behavior allowed unauthenticated attackers to infer whether a given email address was registered, enabling email address enumeration. The issue has been mitigated by removing the email-based check and returning a generic authentication failure message."
            }
          ],
          "value": "A user enumeration vulnerability was identified in the authentication logic of the application. When an invalid login was supplied, the system performed an additional check to determine whether the input matched an existing email address and returned a specific error message if so. This behavior allowed unauthenticated attackers to infer whether a given email address was registered, enabling email address enumeration. The issue has been mitigated by removing the email-based check and returning a generic authentication failure message."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ce2d6e7412f01219f117361472e1ef0ce783bc17"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Error Message Allows Email Address Enumeration",
      "x_gcve": [
        {
          "recordType": "advisory",
          "vulnId": "gcve-1-2026-0012"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "datePublished": "2026-02-04T19:21:34.411344Z",
    "dateUpdated": "2026-02-04T19:21:34.411344Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "gcve-1-2026-0012",
    "vulnerabilitylookup_history": [
      [
        "alexandre.dulaunoy@circl.lu",
        "2026-02-04T19:21:34.411344Z"
      ]
    ]
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}