Common Weakness Enumeration

CWE-290

Allowed

Authentication Bypass by Spoofing

Abstraction: Base · Status: Incomplete

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

927 vulnerabilities reference this CWE, most recent first.

GHSA-4V9X-CQC5-J645

Vulnerability from github – Published: 2026-05-05 17:58 – Updated: 2026-05-05 17:58
VLAI
Summary
Codechecker has an authentication bypass for certain API calls
Details

Summary

Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.

Details

The following functions are affected under the Authentication endpoint: getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and removePermission.

The vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments. In the logs, the exploit shows as follows:

[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission

Impact

An attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints.

Patch

A patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "codechecker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "6.27.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T17:58:09Z",
    "nvd_published_at": "2026-04-24T14:16:18Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nAuthentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.\n\n### Details\n\nThe following functions are affected under the Authentication endpoint: `getAuthorisedNames`, `getPermissionsForUser`, `hasPermission`, `addPermission`, and `removePermission`.\n\nThe vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments.\nIn the logs, the exploit shows as follows:\n```\n[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames\n[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission\n```\n\n### Impact\nAn attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints.\n\n### Patch\nA patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.",
  "id": "GHSA-4v9x-cqc5-j645",
  "modified": "2026-05-05T17:58:09Z",
  "published": "2026-05-05T17:58:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25660"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Ericsson/codechecker"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Codechecker has an authentication bypass for certain API calls"
}

GHSA-4XPC-PV4P-PM3W

Vulnerability from github – Published: 2026-06-16 23:38 – Updated: 2026-06-16 23:38
VLAI
Summary
LiteLLM: Authentication Bypass via Host Header Injection
Details

Impact

A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.

The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.

Most deployments are not affected. The bypass is blocked by any upstream layer that validates or normalizes Host, such as:

  • a CDN or WAF, such as Cloudflare
  • a reverse proxy with server_name allowlists
  • a host-based load balancer

LiteLLM Cloud customers are not affected.

Patches

Fixed in 1.84.0. Upgrade to 1.84.0 or later. No configuration change is required.

Workarounds

If upgrading is not immediately possible, place the proxy behind an upstream component that validates or normalizes the Host header before forwarding (a CDN/WAF, a reverse proxy with explicit server_name allowlists, or a cloud load balancer with host-based routing rules), or otherwise restrict network access to the proxy listener.

References

Discovery Credit: Le The Thang (KCSC) and Kim Ngoc Chung (One Mount Group)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "litellm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.84.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-49468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T23:38:26Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nA Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.\n\nThe auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()`, which Starlette reconstructs from the `Host` header. A crafted `Host` could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.\n\n**Most deployments are not affected.** The bypass is blocked by any upstream layer that validates or normalizes `Host`, such as:\n\n- a CDN or WAF, such as Cloudflare\n- a reverse proxy with `server_name` allowlists\n- a host-based load balancer\n\n**LiteLLM Cloud customers are not affected.**\n\n### Patches\n\nFixed in **`1.84.0`**. Upgrade to `1.84.0` or later. No configuration change is required.\n\n### Workarounds\n\nIf upgrading is not immediately possible, place the proxy behind an upstream component that validates or normalizes the `Host` header before forwarding (a CDN/WAF, a reverse proxy with explicit `server_name` allowlists, or a cloud load balancer with host-based routing rules), or otherwise restrict network access to the proxy listener.\n\n### References\n\n- Patched release: [`v1.84.0`](https://github.com/BerriAI/litellm/releases/tag/v1.84.0)\n\n**Discovery Credit**: Le The Thang (KCSC) and Kim Ngoc Chung (One Mount Group)",
  "id": "GHSA-4xpc-pv4p-pm3w",
  "modified": "2026-06-16T23:38:26Z",
  "published": "2026-06-16T23:38:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/BerriAI/litellm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "LiteLLM: Authentication Bypass via Host Header Injection"
}

GHSA-539Q-FQRF-RMXR

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-10-17 21:30
VLAI
Details

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-10T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka \u0027Microsoft Browser Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-1357.",
  "id": "GHSA-539q-fqrf-rmxr",
  "modified": "2023-10-17T21:30:23Z",
  "published": "2022-05-24T16:58:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0608"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-54PF-9QMV-M7PJ

Vulnerability from github – Published: 2025-01-23 18:31 – Updated: 2025-01-29 12:31
VLAI
Details

API Security bypass through header manipulation

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-55925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-23T17:15:15Z",
    "severity": "MODERATE"
  },
  "details": "API Security bypass through header manipulation",
  "id": "GHSA-54pf-9qmv-m7pj",
  "modified": "2025-01-29T12:31:45Z",
  "published": "2025-01-23T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55925"
    },
    {
      "type": "WEB",
      "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-Workplace-Suite%C2%AE.pdf"
    },
    {
      "type": "WEB",
      "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55FF-CRW4-233H

Vulnerability from github – Published: 2024-05-17 09:31 – Updated: 2026-04-01 18:31
VLAI
Details

Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T09:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2.",
  "id": "GHSA-55ff-crw4-233h",
  "modified": "2026-04-01T18:31:46Z",
  "published": "2024-05-17T09:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21746"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/wp-ultimate-review/vulnerability/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-55H8-8G96-X4HJ

Vulnerability from github – Published: 2026-03-24 21:50 – Updated: 2026-03-27 22:10
VLAI
Summary
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
Details

Background

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers.

Problem Description

The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NATS clients could make their own decisions on how to trust a message, provided that they trust the nats-server as a broker.

A leafnode connecting to a nats-server is not fully trusted unless the system account is bridged too. Thus identity claims should not have propagated unchecked.

Thus NATS clients relying upon the Nats-Request-Info: header could be spoofed.

Does not directly affect the nats-server itself, but the CVSS Confidentiality and Integrity scores are based upon what a hypothetical client might choose to do with this NATS header.

Affected Versions

Any version before v2.12.6 or v2.11.15

Workarounds

None.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/nats-io/nats-server/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/nats-io/nats-server/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0-RC.1"
            },
            {
              "fixed": "2.12.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/nats-io/nats-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-290"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-24T21:50:25Z",
    "nvd_published_at": "2026-03-25T20:16:33Z",
    "severity": "MODERATE"
  },
  "details": "### Background\n\nNATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.\n\nThe nats-server allows hub/spoke topologies using \"leafnode\" connections by other nats-servers.  NATS messages can have headers.\n\n### Problem Description\n\nThe nats-server offers a `Nats-Request-Info:` message header, providing information about a request.  This is supposed to provide enough information to allow for account/user identification, such that NATS clients could make their own decisions on how to trust a message, provided that they trust the nats-server as a broker.\n\nA leafnode connecting to a nats-server is not fully trusted unless the system account is bridged too.  Thus identity claims should not have propagated unchecked.\n\nThus NATS clients relying upon the Nats-Request-Info: header could be spoofed.\n\nDoes not directly affect the nats-server itself, but the CVSS Confidentiality and Integrity scores are based upon what a hypothetical client might choose to do with this NATS header.\n\n### Affected Versions\n\nAny version before v2.12.6 or v2.11.15\n\n### Workarounds\n\nNone.",
  "id": "GHSA-55h8-8g96-x4hj",
  "modified": "2026-03-27T22:10:07Z",
  "published": "2026-03-24T21:50:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-55h8-8g96-x4hj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33246"
    },
    {
      "type": "WEB",
      "url": "https://advisories.nats.io/CVE/secnote-2026-08.txt"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nats-io/nats-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers"
}

GHSA-5773-H955-5W49

Vulnerability from github – Published: 2025-12-10 12:31 – Updated: 2025-12-10 12:31
VLAI
Details

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.

Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.

Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-10T12:16:20Z",
    "severity": "CRITICAL"
  },
  "details": "Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.\n\nAuthentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.\n\nExploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.",
  "id": "GHSA-5773-h955-5w49",
  "modified": "2025-12-10T12:31:27Z",
  "published": "2025-12-10T12:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13953"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/bypass-authentication-method-gtt-sistema-de-informacion-tributario"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-57Q4-CGQR-6CW7

Vulnerability from github – Published: 2025-02-21 15:32 – Updated: 2025-02-21 21:32
VLAI
Details

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-21T14:15:29Z",
    "severity": "MODERATE"
  },
  "details": "Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.",
  "id": "GHSA-57q4-cgqr-6cw7",
  "modified": "2025-02-21T21:32:07Z",
  "published": "2025-02-21T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6158"
    },
    {
      "type": "WEB",
      "url": "https://security.opera.com/en/address-bar-spoofing-in-opera-mini-for-android-opera-security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57V8-Q85X-PWX6

Vulnerability from github – Published: 2026-05-19 15:31 – Updated: 2026-05-19 18:32
VLAI
Details

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-19T14:16:52Z",
    "severity": "HIGH"
  },
  "details": "Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.",
  "id": "GHSA-57v8-q85x-pwx6",
  "modified": "2026-05-19T18:32:09Z",
  "published": "2026-05-19T15:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8960"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940116"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-46"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-50"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58M3-63QV-6G2G

Vulnerability from github – Published: 2023-03-28 00:34 – Updated: 2025-02-24 21:31
VLAI
Details

The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-27T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.",
  "id": "GHSA-58m3-63qv-6g2g",
  "modified": "2025-02-24T21:31:43Z",
  "published": "2023-03-28T00:34:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48349"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/3"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-21: Exploitation of Trusted Identifiers

An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness

An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.

CAPEC-473: Signature Spoof

An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.

CAPEC-476: Signature Spoofing by Misrepresentation

An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.

CAPEC-667: Bluetooth Impersonation AttackS (BIAS)

An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.