Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,770)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15203 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVE-2017-15202 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVE-2017-15201 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVE-2017-15200 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVE-2017-15199 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVE-2017-15197 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVE-2017-15196 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVE-2017-15195 1Kanboard 1Kanboard May 13, 2026 Oct 11, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVE-2017-0882 1Gitlab 1Gitlab May 13, 2026 Mar 28, 2017 N/A· v4 6.3 MEDIUM· v3 4.0 MEDIUM· v2 Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59...Show more Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.Show less
CVE-2012-5571 1Openstack 2Essex Folsom Apr 29, 2026 Dec 18, 2012 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Com...Show more A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.Show less

Previous 1...85 86 87 8889