CWE-639: Authorization Bypass Through User-Controlled Key

1,771 CVEs • Abstraction: Base • Likelihood of Exploit: High

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

Fields per entry: Vendors, Products, Updated, Published, CVSS (v4 / v3 / v2), Description.
Vendors (1): Wpmet
Products (1): Metform Elementor Contact Form Builder
Updated: Apr 8, 2026 | Published: Aug 31, 2023
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 N/A
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above, to obtain sensitive information about arbitrary form submissions, including the submitter's first name.
Vendors (3): Fedoraproject, Keylime, Redhat
Products (9): Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Ibm Z Systems, +6 more
Updated: Nov 21, 2024 | Published: Aug 25, 2023
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 N/A
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Vendors (2): Gravitl, Netmaker
Products (2): Netmaker, Netmaker
Updated: May 18, 2026 | Published: Aug 24, 2023
CVSS: v4 N/A | v3 7.5 HIGH | v2 N/A
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.
Vendors (1): Phplist
Products (1): Phplist
Updated: Nov 21, 2024 | Published: Aug 18, 2023
CVSS: v4 N/A | v3 6.7 MEDIUM | v2 N/A
An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover.
Vendors (1): Tigergraph
Products (1): Tigergraph
Updated: Nov 21, 2024 | Published: Aug 14, 2023
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to the SSH authorized keys file. Any code running as the tigergraph user is able to add its SSH public key into the authorized keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key.
Vendors (1): Cacti
Products (1): Cacti
Updated: Nov 21, 2024 | Published: Aug 10, 2023
CVSS: v4 N/A | v3 7.5 HIGH | v2 N/A
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Vendors (1): Orjinyazilim
Products (1): Ats Pro
Updated: Nov 21, 2024 | Published: Jul 17, 2023
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.
Vendors (1): Easyappointments
Products (1): Easy!appointments
Updated: Nov 21, 2024 | Published: Jul 17, 2023
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 N/A
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Vendors (1): Gitlab
Products (1): Gitlab
Updated: Nov 21, 2024 | Published: Jul 13, 2023
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 N/A
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.
Vendors (1): Learndash
Products (1): Learndash
Updated: Apr 8, 2026 | Published: Jul 12, 2023
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with existing account access at any level to change user passwords and potentially take over administrator accounts.
Vendors (1): Palantir
Products (1): Foundry Job Tracker
Updated: Nov 21, 2024 | Published: Jul 10, 2023
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 N/A
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Vendors (1): Palantir
Products (1): Foundry Comments
Updated: Nov 21, 2024 | Published: Jul 10, 2023
CVSS: v4 N/A | v3 5.3 MEDIUM | v2 N/A
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Vendors (1): Myeventon
Products (1): Eventon
Updated: Nov 21, 2024 | Published: Jul 10, 2023
CVSS: v4 N/A | v3 5.3 MEDIUM | v2 N/A
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
Vendors (1): Huawei
Products (2): Emui, Harmonyos
Updated: Nov 21, 2024 | Published: Jul 6, 2023
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.
Vendors (1): Soluslabs
Products (1): Solusvm
Updated: Nov 21, 2024 | Published: Jul 5, 2023
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.
Vendors (1): Smartypantsplugins
Products (1): Sp Project & Document Manager
Updated: Apr 8, 2026 | Published: Jun 30, 2023
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above to change user passwords and potentially take over administrator accounts.
Vendors (1): Apple
Products (1): Macos
Updated: Nov 27, 2024 | Published: Jun 28, 2023
CVSS: v4 N/A | v3 5.5 MEDIUM | v2 N/A
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
Vendors (1): Apple
Products (4): Ipados, Iphone Os, Macos, +1 more
Updated: Dec 5, 2024 | Published: Jun 23, 2023
CVSS: v4 N/A | v3 5.5 MEDIUM | v2 N/A
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.
Vendors (1): Jshelpdesk
Products (1): Jshelpdesk
Updated: Apr 28, 2026 | Published: Jun 23, 2023
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7.
Vendors (1): Open Xchange
Products (1): Open Xchange Appsuite Backend
Updated: Nov 21, 2024 | Published: Jun 20, 2023
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 N/A
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.