Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21981 - - Aug 15, 2024 Aug 13, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss o...Show more Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.Show less
CVE-2024-39642 - - Aug 13, 2024 Aug 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-7658 1Projectsend 1Projectsend Jan 13, 2025 Aug 12, 2024 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource...Show more A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.Show less
CVE-2024-3035 1Gitlab 1Gitlab Aug 29, 2024 Aug 8, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repos...Show more A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.Show less
CVE-2024-6357 1Opentext 1Arcsight Intelligence Aug 19, 2024 Aug 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
CVE-2024-7438 1Simplemachines 1Simple Machines Forum Sep 11, 2024 Aug 3, 2024 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of th...Show more A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-7437 1Simplemachines 1Simple Machines Forum Sep 11, 2024 Aug 3, 2024 5.3 MEDIUM· v4 4.3 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User H...Show more A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-41254 1Litestream 1Litestream Oct 29, 2024 Jul 31, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2024-38701 1Kodezen 1Academy Lms Nov 21, 2024 Jul 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
CVE-2024-34457 1Apache 1Streampark Nov 21, 2024 Jul 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation:...Show more On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4Show less
CVE-2024-5977 1Givewp 1Givewp Nov 21, 2024 Jul 19, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing va...Show more The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts.Show less
CVE-2024-5619 - - Jun 3, 2026 Jul 18, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Ma...Show more Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1.Show less
CVE-2024-38447 1Ncia 1Advisor Network Jun 20, 2025 Jul 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
CVE-2024-38446 1Ncia 1Advisor Network Jun 20, 2025 Jul 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via...Show more NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.Show less
CVE-2024-6410 1Metagauss 1Profilegrid Apr 8, 2026 Jul 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing...Show more The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.Show less
CVE-2024-39901 1Opensearch 1Observability Nov 21, 2024 Jul 9, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks....Show more OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.Show less
CVE-2024-39900 1Opensearch 1Observability Nov 21, 2024 Jul 9, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. Th...Show more OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.Show less
CVE-2024-39897 1Zotregistry 1Zot Apr 23, 2025 Jul 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but re...Show more zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlob()` allows read access to any blob without access control check. If a Zot `accessControl` policy allows users read access to some repositories but restricts read access to other repositories and `dedupe` is enabled (it is enabled by default), then an attacker who knows the name of an image and the digest of a blob (that they do not have read access to), they may maliciously read it via a second repository they do have read access to. This attack is possible because [`ImageStore.CheckBlob()` calls `checkCacheBlob()`](https://github.com/project-zot/zot/blob/v2.1.0-rc2/pkg/storage/imagestore/imagestore.go#L1158-L1159) to find the blob a global cache by searching for the digest. If it is found, it is copied to the user requested repository with `copyBlob()`. The attack may be mitigated by configuring "dedupe": false in the "storage" settings. The vulnerability is fixed in 2.1.0.Show less
CVE-2024-21759 1Fortinet 1Fortiportal Nov 21, 2024 Jul 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
CVE-2023-3290 1Easyappointments 1Easy!appointments Nov 21, 2024 Jul 9, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

Previous 1...575859...89 Next