Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,772)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-31027 1Jupyter 1Oauthenticator Nov 21, 2024 Jun 9, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to rest...Show more OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the email field provided to us by CILogon has a domain that matches one of the domains listed in `allowed_idps`.If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does not verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a breaking change in how `allowed_idps` is interpreted. It's no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade.Show less
CVE-2022-1996 2Fedoraproject Go Restful Project 2Fedora Go Restful Nov 21, 2024 Jun 8, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
CVE-2022-29627 1Online Market Place Site Project 1Online Market Place Site Nov 21, 2024 Jun 2, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.
CVE-2022-1949 2Fedoraproject Redhat 4389 Directory Server Directory ServerEnterprise Linux+1 more Dec 13, 2024 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass....Show more An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.Show less
CVE-2022-30495 1Automotive Shop Management System Project 1Automotive Shop Management System Nov 21, 2024 May 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
CVE-2022-1810 1Publify Project 1Publify Nov 21, 2024 May 23, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
CVE-2022-29434 1Spiffyplugins 1Spiffy Calendar Feb 20, 2025 May 20, 2022 N/A· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
CVE-2022-29159 1Nextcloud 1Deck Nov 21, 2024 May 20, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another...Show more Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions 1.4.8, 1.5.6, and 1.6.1. There are no known currently-known workarounds available.Show less
CVE-2022-1425 12code 1Wpqa Builder Nov 21, 2024 May 16, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading...Show more The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability.Show less
CVE-2022-27247 1Cdsoft 1Winhotel.mx Nov 21, 2024 May 13, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecu...Show more onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.Show less
CVE-2022-1352 1Gitlab 1Gitlab Nov 21, 2024 May 11, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a use...Show more Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.Show less
CVE-2022-29008 1Phpgurukul 1Bus Pass Management System Nov 21, 2024 May 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
CVE-2022-28986 1Lmsdoctor 12 Factor Authentication Nov 21, 2024 May 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, pas...Show more LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.Show less
CVE-2022-23061 1Shopizer 1Shopizer Nov 21, 2024 May 1, 2022 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
CVE-2021-24800 1Designwall 1Dw Question & Answer Nov 21, 2024 Apr 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
CVE-2022-1461 1Open Emr 1Openemr Nov 21, 2024 Apr 25, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
CVE-2022-1459 1Open Emr 1Openemr Nov 21, 2024 Apr 25, 2022 N/A· v4 8.3 HIGH· v3 5.5 MEDIUM· v2 Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
CVE-2022-26665 1Tylertech 1Odyssey Portal Nov 21, 2024 Apr 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.
CVE-2022-29287 1Kentico 1Xperience Dec 19, 2025 Apr 16, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher...Show more Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).Show less
CVE-2022-22190 1Juniper 1Paragon Active Assurance Control Center Nov 21, 2024 Apr 14, 2022 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensit...Show more An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.Show less

Previous 1...767778...89 Next