Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

GHSA-2W64-GV86-VGVQ

Vulnerability from github – Published: 2026-03-03 21:31 – Updated: 2026-03-03 21:31
VLAI
Details

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T21:15:57Z",
    "severity": "MODERATE"
  },
  "details": "IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD",
  "id": "GHSA-2w64-gv86-vgvq",
  "modified": "2026-03-03T21:31:17Z",
  "published": "2026-03-03T21:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1713"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7261944"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34M9-46JH-JXM4

Vulnerability from github – Published: 2024-12-28 09:31 – Updated: 2024-12-28 09:31
VLAI
Details

Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)

This vulnerability has been assigned a (CVE)ID:CVE-2022-48470

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T07:15:19Z",
    "severity": "MODERATE"
  },
  "details": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470",
  "id": "GHSA-34m9-46jh-jxm4",
  "modified": "2024-12-28T09:31:28Z",
  "published": "2024-12-28T09:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48470"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-37GW-25XX-74F7

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Windows Kerberos Security Feature Bypass Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Windows Kerberos Security Feature Bypass Vulnerability",
  "id": "GHSA-37gw-25xx-74f7",
  "modified": "2024-01-09T18:30:28Z",
  "published": "2024-01-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20674"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-385F-MWVX-QWQ5

Vulnerability from github – Published: 2026-06-11 12:32 – Updated: 2026-06-11 12:32
VLAI
Details

Authentication bypass by primary weakness vulnerability in ABB Freelance.

This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-11T10:16:21Z",
    "severity": "MODERATE"
  },
  "details": "Authentication bypass by primary weakness vulnerability in ABB Freelance.\n\nThis issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.",
  "id": "GHSA-385f-mwvx-qwq5",
  "modified": "2026-06-11T12:32:43Z",
  "published": "2026-06-11T12:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7064"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-386J-565C-F86F

Vulnerability from github – Published: 2026-02-03 03:30 – Updated: 2026-02-06 21:30
VLAI
Details

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configupload” command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T02:16:07Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using \u201csupportsave\u201d, \n\u201cseccertmgmt\u201d, \u201cconfigupload\u201d command.",
  "id": "GHSA-386j-565c-f86f",
  "modified": "2026-02-06T21:30:47Z",
  "published": "2026-02-03T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58382"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3G58-GH82-FRFM

Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:35
VLAI
Details

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3

could allow a guest user to elevate to admin privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-11T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\ncould allow a guest user to elevate to admin privileges.",
  "id": "GHSA-3g58-gh82-frfm",
  "modified": "2024-04-04T07:35:59Z",
  "published": "2023-09-11T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36497"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3V48-283X-F2W4

Vulnerability from github – Published: 2025-06-30 17:49 – Updated: 2025-08-04 17:36
VLAI
Summary
File Browser's password protection of links is bypassable
Details

Summary

Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible.

Impact

File owners might rest in the assumption that their shared files are only accessible to persons knowing the defined password, giving them a false sense of security. Meanwhile, attackers gaining access to the unprotected link can use this information alone to download the possibly sensitive file.

Vulnerability Description

When sharing a file, the user is presented with a dialog asking for an optional password to protect the file share. The assumption of the user at this point would be, that the shared file won't be accessible without knowledge of the password. After clicking on SHARE the following dialog opens allowing the file's owner to copy the share-link:

image

In fact, there is not one, but two links offered: A Download Link and an unnamed second one. They have the following format:

  • http://filebrowser.local:8080/share/6Gtw0xAw
  • http://filebrowser.local:8080/api/public/dl/6Gtw0xAw/dummy1.pdf?token=voDK6j[...]

Apparently, the first of the two share links is that one that users are supposed to actually share, while the second one is a direct download link not protected by the password. This behavior is not documented anywhere or explained in the GUI, though.

There are multiple scenarios how an attacker might gain access to the unprotected link and, in consequence, to the shared file:

  • The file owner might incidentally share the second link instead of the first one, making it accessible to anyone having read access to the messaging system used (e.g., a mailserver).
  • After the legitimate receiver of the share has used the password, the unprotected link will get linked in multiple locations like the browser history or the log of a proxy server used.

Proof of Concept

Using the first link results in an authorization error if no password is provided, as expected:

```http hl:9 GET /api/public/share/6Gtw0xAw HTTP/1.1 Host: filebrowser.local:8080 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://filebrowser.local:8080/share/6Gtw0xAw X-Auth: X-SHARE-PASSWORD: DNT: 1 Sec-GPC: 1 Connection: keep-alive Priority: u=4

HTTP/1.1 401 Unauthorized Cache-Control: no-cache, no-store, must-revalidate Content-Security-Policy: default-src 'self'; style-src 'unsafe-inline'; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Thu, 27 Mar 2025 10:59:12 GMT Content-Length: 17

401 Unauthorized


Only if the password is provided (via the `X-SHARE-PASSWORD` header), a proper response is given:

```http hl:9
GET /api/public/share/6Gtw0xAw HTTP/1.1
Host: filebrowser.local:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://filebrowser.local:8080/share/6Gtw0xAw
X-Auth: 
X-SHARE-PASSWORD: 1234
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Priority: u=0

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'self'; style-src 'unsafe-inline';
Content-Type: application/json; charset=utf-8
Date: Thu, 27 Mar 2025 10:59:15 GMT
Content-Length: 301

{"path":"","name":"dummy1.pdf","size":7703,"extension":".pdf","modified":"2025-03-27T15:11:45.101242449Z","mode":420,"isDir":false,"isSymlink":false,"type":"pdf","token":"voDK6j[...]"}

But it does not return the actual file content but rather an access token. This is the very same token that is already part of the second share URL and is used by the web application to recreate the actual download URL. If you are in possession of that one, no further password check is performed, and the content of the file is returned:

GET /api/public/dl/6Gtw0xAw?inline=true&token=voDK6j[...] HTTP/1.1
Host: filebrowser.local:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Referer: http://filebrowser.local:8080/share/6Gtw0xAw
Upgrade-Insecure-Requests: 1
Priority: u=0, i

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private
Content-Disposition: inline
Content-Length: 7703
Content-Security-Policy: default-src 'self'; style-src 'unsafe-inline';
Content-Security-Policy: script-src 'none';
Content-Type: application/pdf
Last-Modified: Mon, 03 Mar 2025 15:11:45 GMT
Date: Thu, 27 Mar 2025 10:59:18 GMT

%PDF-1.4
%Ç쏢
%%Invocation: path/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=? -sOutputFile=? -P- -dSAFER -dCompatibilityLevel=1.4 -
5 0 obj
[...]

Recommended Countermeasures

A short time solution would be to simple remove the second link from the GUI when a password protected share is created. Doing so will be a proper defense against user errors, but it will still leave unprotected links in various logs. A thorough fix has to eliminate the unprotected links completely, access to the file must only be given to requests containing the share password.

Timeline

  • 2025-03-27 Identified the vulnerability in version 2.32.0
  • 2025-04-11 Contacted the project
  • 2025-04-29 Vulnerability disclosed to the project
  • 2025-06-25 Uploaded advisories to the project's GitHub repository
  • 2025-06-25 CVE ID assigned by GitHub
  • 2025-06-29 Mitigation of user error released in version 2.34.2
  • 2025-06-29 Issue #5239 opened to track a more thorough fix of the feature

References

Credits

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.42.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:49:27Z",
    "nvd_published_at": "2025-06-30T20:15:25Z",
    "severity": "LOW"
  },
  "details": "## Summary ##\n\nFiles managed by the *File Browser* can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible.\n\n## Impact ##\n\nFile owners might rest in the assumption that their shared files are only accessible to persons knowing the defined password, giving them a false sense of security. Meanwhile, attackers gaining access to the unprotected link can use this information alone to download the possibly sensitive file.\n\n## Vulnerability Description ##\n\nWhen sharing a file, the user is presented with a dialog asking for an optional password to protect the file share. The assumption of the user at this point would be, that the shared file won\u0027t be accessible without knowledge of the password. After clicking on `SHARE` the following dialog opens allowing the file\u0027s owner to copy the share-link:\n\n![image](https://github.com/user-attachments/assets/f3add074-40ac-4367-a538-ede5bb526916)\n\nIn fact, there is not one, but two links offered: A `Download Link` and an unnamed second one. They have the following format:\n\n* http://filebrowser.local:8080/share/6Gtw0xAw\n* http://filebrowser.local:8080/api/public/dl/6Gtw0xAw/dummy1.pdf?token=voDK6j[...]\n\nApparently, the first of the two share links is that one that users are supposed to actually share, while the second one is a direct download link not protected by the password. This behavior is not documented anywhere or explained in the GUI, though.\n\nThere are multiple scenarios how an attacker might gain access to the unprotected link and, in consequence, to the shared file:\n\n* The file owner might incidentally share the second link instead of the first one, making it accessible to anyone having read access to the messaging system used (e.g., a mailserver).\n* After the legitimate receiver of the share has used the password, the unprotected link will get linked in multiple locations like the browser history or the log of a proxy server used.\n\n## Proof of Concept ##\n\nUsing the first link results in an authorization error if no password is provided, as expected:\n\n```http hl:9\nGET /api/public/share/6Gtw0xAw HTTP/1.1\nHost: filebrowser.local:8080\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0\nAccept: */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http://filebrowser.local:8080/share/6Gtw0xAw\nX-Auth: \nX-SHARE-PASSWORD: \nDNT: 1\nSec-GPC: 1\nConnection: keep-alive\nPriority: u=4\n\nHTTP/1.1 401 Unauthorized\nCache-Control: no-cache, no-store, must-revalidate\nContent-Security-Policy: default-src \u0027self\u0027; style-src \u0027unsafe-inline\u0027;\nContent-Type: text/plain; charset=utf-8\nX-Content-Type-Options: nosniff\nDate: Thu, 27 Mar 2025 10:59:12 GMT\nContent-Length: 17\n\n401 Unauthorized\n```\n\nOnly if the password is provided (via the `X-SHARE-PASSWORD` header), a proper response is given:\n\n```http hl:9\nGET /api/public/share/6Gtw0xAw HTTP/1.1\nHost: filebrowser.local:8080\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0\nAccept: */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http://filebrowser.local:8080/share/6Gtw0xAw\nX-Auth: \nX-SHARE-PASSWORD: 1234\nDNT: 1\nSec-GPC: 1\nConnection: keep-alive\nPriority: u=0\n\nHTTP/1.1 200 OK\nCache-Control: no-cache, no-store, must-revalidate\nContent-Security-Policy: default-src \u0027self\u0027; style-src \u0027unsafe-inline\u0027;\nContent-Type: application/json; charset=utf-8\nDate: Thu, 27 Mar 2025 10:59:15 GMT\nContent-Length: 301\n\n{\"path\":\"\",\"name\":\"dummy1.pdf\",\"size\":7703,\"extension\":\".pdf\",\"modified\":\"2025-03-27T15:11:45.101242449Z\",\"mode\":420,\"isDir\":false,\"isSymlink\":false,\"type\":\"pdf\",\"token\":\"voDK6j[...]\"}\n```\n\nBut it does not return the actual file content but rather an access token.\nThis is the very same token that is already part of the second share URL and is used by the web application to recreate the actual download URL.\nIf you are in possession of that one, no further password check is performed, and the content of the file is returned:\n\n```http\nGET /api/public/dl/6Gtw0xAw?inline=true\u0026token=voDK6j[...] HTTP/1.1\nHost: filebrowser.local:8080\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nDNT: 1\nSec-GPC: 1\nConnection: keep-alive\nReferer: http://filebrowser.local:8080/share/6Gtw0xAw\nUpgrade-Insecure-Requests: 1\nPriority: u=0, i\n\nHTTP/1.1 200 OK\nAccept-Ranges: bytes\nCache-Control: private\nContent-Disposition: inline\nContent-Length: 7703\nContent-Security-Policy: default-src \u0027self\u0027; style-src \u0027unsafe-inline\u0027;\nContent-Security-Policy: script-src \u0027none\u0027;\nContent-Type: application/pdf\nLast-Modified: Mon, 03 Mar 2025 15:11:45 GMT\nDate: Thu, 27 Mar 2025 10:59:18 GMT\n\n%PDF-1.4\n%\u00c7\u00ec\u008f\u00a2\n%%Invocation: path/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=? -sOutputFile=? -P- -dSAFER -dCompatibilityLevel=1.4 -\n5 0 obj\n[...]\n```\n\n## Recommended Countermeasures ##\n\nA short time solution would be to simple remove the second link from the GUI when a password protected share is created.\nDoing so will be a proper defense against user errors, but it will still leave unprotected links in various logs.\nA thorough fix has to eliminate the unprotected links completely, access to the file must only be given to requests containing the share password.\n\n## Timeline ##\n\n* `2025-03-27` Identified the vulnerability in version 2.32.0\n* `2025-04-11` Contacted the project\n* `2025-04-29` Vulnerability disclosed to the project\n* `2025-06-25` Uploaded advisories to the project\u0027s GitHub repository\n* `2025-06-25` CVE ID assigned by GitHub\n* `2025-06-29` Mitigation of user error released in version 2.34.2\n* `2025-06-29` Issue [#5239](https://github.com/filebrowser/filebrowser/issues/5239) opened to track a more thorough fix of the feature\n\n## References ##\n\n* [CWE-305: Authentication Bypass by Primary Weakness](https://cwe.mitre.org/data/definitions/305.html)\n* [Original Advisory](https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-02_Filebrowser_Password_Protection_Of_Links_Bypassable)\n\n## Credits ##\n\n* Mathias Tausig ([SBA Research](https://www.sba-research.org/))",
  "id": "GHSA-3v48-283x-f2w4",
  "modified": "2025-08-04T17:36:08Z",
  "published": "2025-06-30T17:49:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3v48-283x-f2w4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/issues/5239"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filebrowser/filebrowser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-02_Filebrowser_Password_Protection_Of_Links_Bypassable"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3790"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "File Browser\u0027s password protection of links is bypassable"
}

GHSA-3WHV-8QG8-4FFW

Vulnerability from github – Published: 2026-01-21 18:30 – Updated: 2026-01-21 18:30
VLAI
Details

Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-21T16:16:08Z",
    "severity": "MODERATE"
  },
  "details": "Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.",
  "id": "GHSA-3whv-8qg8-4ffw",
  "modified": "2026-01-21T18:30:30Z",
  "published": "2026-01-21T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1290"
    },
    {
      "type": "WEB",
      "url": "https://learn.jamf.com/en-US/bundle/jamf-pro-release-notes-11.24.0/page/Resolved_Issues.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3X3J-PMX9-J3R7

Vulnerability from github – Published: 2025-02-24 15:30 – Updated: 2025-02-24 18:32
VLAI
Details

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-24T15:15:13Z",
    "severity": "MODERATE"
  },
  "details": "WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user\u0027s password. No exploitation occurred.",
  "id": "GHSA-3x3j-pmx9-j3r7",
  "modified": "2025-02-24T18:32:41Z",
  "published": "2025-02-24T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23017"
    },
    {
      "type": "WEB",
      "url": "https://workos.com/security/advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.authkit.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42FF-P8FR-H5JR

Vulnerability from github – Published: 2026-07-13 09:31 – Updated: 2026-07-13 09:31
VLAI
Details

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T09:16:25Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681",
  "id": "GHSA-42ff-p8fr-h5jr",
  "modified": "2026-07-13T09:31:43Z",
  "published": "2026-07-13T09:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9597"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.