Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,772)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3813 1Chatwoot 1Chatwoot Nov 21, 2024 Feb 9, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
CVE-2022-21713 3Fedoraproject GrafanaNetapp 3E Series Performance Analyzer FedoraGrafana Nov 21, 2024 Feb 8, 2022 N/A· v4 4.3 MEDIUM· v3 3.5 LOW· v2 Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticate...Show more Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.Show less
CVE-2021-25096 1Ip2location 1Country Blocker Nov 21, 2024 Feb 7, 2022 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL
CVE-2022-22832 1Servisnet 1Tessa Nov 21, 2024 Feb 6, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVE-2021-41608 1Classapps 1Selectsurvey.net Nov 21, 2024 Jan 28, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of th...Show more A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.Show less
CVE-2022-22828 1Synametrics 1Synaman Nov 21, 2024 Jan 27, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
CVE-2022-23856 1Saviynt 1Enterprise Identity Cloud Nov 21, 2024 Jan 24, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.
CVE-2022-0266 1Livehelperchat 1Live Helper Chat Nov 21, 2024 Jan 19, 2022 N/A· v4 6.6 MEDIUM· v3 6.0 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
CVE-2021-44836 1Deltarm 1Delta Rm Nov 21, 2024 Jan 18, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID paramet...Show more An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.Show less
CVE-2021-3965 1Hp 27Designjet T1530 L2y23a Firmware Designjet T1530 L2y24a FirmwareDesignjet T1530 L2y24b Firmware+24 more Nov 21, 2024 Jan 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.
CVE-2021-3852 1Weseek 1Growi Nov 21, 2024 Jan 12, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 growi is vulnerable to Authorization Bypass Through User-Controlled Key
CVE-2021-45428 1Telesquare 1Tlr 2005ksh Firmware Nov 21, 2024 Jan 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
CVE-2021-44160 1Cth 1Carinal Tien Hospital Health Report System Nov 21, 2024 Dec 29, 2021 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker c...Show more Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.Show less
CVE-2021-40579 1Online Enrollment Management System Project 1Online Enrollment Management System Nov 21, 2024 Dec 28, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
CVE-2021-24739 1Shapedplugin 1Logo Carousel Nov 21, 2024 Dec 21, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
CVE-2021-43828 1Patrowl 1Patrowlmanager Nov 21, 2024 Dec 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed un...Show more PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.Show less
CVE-2021-43820 1Seafile 1Seafile Server Nov 21, 2024 Dec 14, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiv...Show more Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any known library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.Show less
CVE-2021-44949 1Glfusion 1Glfusion Nov 21, 2024 Dec 14, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
CVE-2021-39934 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting fro...Show more Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.Show less
CVE-2021-39916 1Gitlab 1Gitlab Nov 21, 2024 Dec 13, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions s...Show more Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.Show less

Previous 1...787980...89 Next