CWE-639

1,772 CVEs • Abstraction: Base • Likelihood of Exploit: High

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,772)

Vendor: Wsm Downloader Project | Product: Wsm Downloader | Updated: Nov 21, 2024 | Published: Aug 8, 2022 | CVSS v4: N/A | CVSS v3: 7.5 HIGH | CVSS v2: N/A
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from; this can be bypassed due to the lack of proper "link" parameter validation.

Vendor: Storeapps | Product: Affiliate For Woocommerce | Updated: Feb 20, 2025 | Published: Aug 5, 2022 | CVSS v4: N/A | CVSS v3: 6.5 MEDIUM | CVSS v2: N/A
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.

Vendor: Gitlab | Product: Gitlab | Updated: Nov 21, 2024 | Published: Aug 5, 2022 | CVSS v4: N/A | CVSS v3: 4.3 MEDIUM | CVSS v2: N/A
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.

Vendor: Yop Poll | Product: Yop Poll | Updated: Nov 21, 2024 | Published: Aug 1, 2022 | CVSS v4: N/A | CVSS v3: 5.3 MEDIUM | CVSS v2: N/A
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

Vendor: Micodus | Product: Mv720 Firmware | Updated: Nov 21, 2024 | Published: Jul 20, 2022 | CVSS v4: N/A | CVSS v3: 5.4 MEDIUM | CVSS v2: N/A
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.

Vendor: Micodus | Product: Mv720 Firmware | Updated: Nov 21, 2024 | Published: Jul 20, 2022 | CVSS v4: N/A | CVSS v3: 6.5 MEDIUM | CVSS v2: N/A
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and POST parameter "Device ID," which accepts arbitrary device IDs.

Vendor: Hypr | Product: Hypr Server | Updated: Nov 21, 2024 | Published: Jul 19, 2022 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: N/A
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Vendor: Wpusermanager | Product: Wp User Manager | Updated: Nov 21, 2024 | Published: Jul 17, 2022 | CVSS v4: N/A | CVSS v3: 7.5 HIGH | CVSS v2: 6.0 MEDIUM
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

Vendor: Octopus | Product: Octopus Server | Updated: Nov 21, 2024 | Published: Jul 15, 2022 | CVSS v4: N/A | CVSS v3: 5.3 MEDIUM | CVSS v2: N/A
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.

Vendor: Withknown | Product: Known | Updated: Nov 21, 2024 | Published: Jul 8, 2022 | CVSS v4: N/A | CVSS v3: 4.3 MEDIUM | CVSS v2: 4.0 MEDIUM
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).

Vendor: Redhat | Product: Keycloak | Updated: Nov 21, 2024 | Published: Jul 8, 2022 | CVSS v4: N/A | CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH
A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.

Vendor: Nextcloud | Product: Nextcloud Mail | Updated: Nov 21, 2024 | Published: Jul 6, 2022 | CVSS v4: N/A | CVSS v3: 4.3 MEDIUM | CVSS v2: 4.0 MEDIUM
Nextcloud Mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud Mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)

Vendor: Priority Software | Product: Priority | Updated: Nov 21, 2024 | Published: Jul 6, 2022 | CVSS v4: N/A | CVSS v3: 6.3 MEDIUM | CVSS v2: 6.5 MEDIUM
This vulnerability affects users who are not even allowed to access the application via the web interface. First, the attacker needs to access the "Login menu - demo site"; in this menu he can see all the functionality of the application. If the attacker tries to click on one of the links, he gets an answer that he is not authorized because he needs to log in with credentials. After logging in to the system, there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges; however, all the attacker needs to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more, and then the attacker can access some of the functionality of the web application that he could not perform before the parameter was changed.

Vendor: Gitlab | Product: Gitlab | Updated: Nov 21, 2024 | Published: Jul 1, 2022 | CVSS v4: N/A | CVSS v3: 4.3 MEDIUM | CVSS v2: 4.0 MEDIUM
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked Sentry projects.

Vendor: Marvalglobal | Product: Marval Msm | Updated: Nov 21, 2024 | Published: Jun 28, 2022 | CVSS v4: N/A | CVSS v3: 8.8 HIGH | CVSS v2: 4.0 MEDIUM
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user is able to see other users' API keys, including the admins' API keys.

Vendor: Parse Path Project | Product: Parse Path | Updated: Nov 21, 2024 | Published: Jun 28, 2022 | CVSS v4: N/A | CVSS v3: 7.3 HIGH | CVSS v2: 7.5 HIGH
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.

Vendor: Projectsend | Product: Projectsend | Updated: Nov 21, 2024 | Published: Jun 27, 2022 | CVSS v4: N/A | CVSS v3: 5.7 MEDIUM | CVSS v2: 3.5 LOW
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

Vendor: Wp Email Project | Product: Wp Email | Updated: Nov 21, 2024 | Published: Jun 20, 2022 | CVSS v4: N/A | CVSS v3: 7.5 HIGH | CVSS v2: 4.3 MEDIUM
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.

Vendor: Razormist | Product: Online Discussion Forum Site | Updated: Apr 22, 2025 | Published: Jun 16, 2022 | CVSS v4: N/A | CVSS v3: 7.5 HIGH | CVSS v2: 5.0 MEDIUM
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.

Vendor: Ihb Eg | Product: Fn2web | Updated: Nov 21, 2024 | Published: Jun 9, 2022 | CVSS v4: N/A | CVSS v3: 4.3 MEDIUM | CVSS v2: 4.0 MEDIUM
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.