CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3256 vulnerabilities reference this CWE, most recent first.
GHSA-Q3F8-QFX4-GQ35
Vulnerability from github – Published: 2026-02-19 15:30 – Updated: 2026-06-05 12:31Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.
{
"affected": [],
"aliases": [
"CVE-2025-9062"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-19T11:15:57Z",
"severity": "HIGH"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.\u00a0\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way. \nThe vulnerability was learned to be remediated through reporter information and testing.",
"id": "GHSA-q3f8-qfx4-gq35",
"modified": "2026-06-05T12:31:44Z",
"published": "2026-02-19T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9062"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0076"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-26-0076"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q3V6-HM2V-PW99
Vulnerability from github – Published: 2024-12-02 15:31 – Updated: 2025-01-24 21:31The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.7.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.8.0"
},
{
"fixed": "5.8.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0"
},
{
"fixed": "6.1.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.2.0"
},
{
"fixed": "6.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.3.0"
},
{
"fixed": "6.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38827"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-02T20:04:17Z",
"nvd_published_at": "2024-12-02T15:15:11Z",
"severity": "MODERATE"
},
"details": "The usage of String.toLowerCase()\u00a0and String.toUpperCase()\u00a0has some Locale\u00a0dependent exceptions that could potentially result in authorization rules not working properly.",
"id": "GHSA-q3v6-hm2v-pw99",
"modified": "2025-01-24T21:31:27Z",
"published": "2024-12-02T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/issues/33708"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/issues/34232"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-security"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250124-0007"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2024-38827"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Spring Framework has Authorization Bypass for Case Sensitive Comparisons"
}
GHSA-Q43X-GH6J-72HR
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-05-09 09:33The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
{
"affected": [],
"aliases": [
"CVE-2025-3605"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:10Z",
"severity": "CRITICAL"
},
"details": "The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account.",
"id": "GHSA-q43x-gh6j-72hr",
"modified": "2025-05-09T09:33:21Z",
"published": "2025-05-09T09:33:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3605"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-user-settings.php#L59"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c11668c-6dc3-4539-b2be-bf6528bed73e?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q477-JXCV-9PXW
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
{
"affected": [],
"aliases": [
"CVE-2020-13357"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T04:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Gitlab CE/EE versions \u003e= 13.1 to \u003c13.4.7, \u003e= 13.5 to \u003c13.5.5, and \u003e= 13.6 to \u003c13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.",
"id": "GHSA-q477-jxcv-9pxw",
"modified": "2022-05-24T17:35:59Z",
"published": "2022-05-24T17:35:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13357"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/962408"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13357.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/241132"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q4CR-CJQ5-H3M4
Vulnerability from github – Published: 2026-05-12 12:32 – Updated: 2026-05-12 12:32Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers.
This issue affects BAPSİS: before v.202604152042.
{
"affected": [],
"aliases": [
"CVE-2026-6001"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T10:16:48Z",
"severity": "HIGH"
},
"details": "Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPS\u0130S allows Exploitation of Trusted Identifiers.\n\nThis issue affects BAPS\u0130S: before v.202604152042.",
"id": "GHSA-q4cr-cjq5-h3m4",
"modified": "2026-05-12T12:32:15Z",
"published": "2026-05-12T12:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6001"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0223"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4CX-MM7J-89XJ
Vulnerability from github – Published: 2026-06-09 06:31 – Updated: 2026-06-09 06:31The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the six_storage_get_user_info and six_storage_update_profile AJAX actions. This is due to the six_storage_getUserInfo() and six_storage_updateProfile() functions being registered on wp_ajax_nopriv_* hooks and accepting a tenant identifier directly from $_POST['userId'] without performing any ownership verification, session binding, or nonce validation to confirm the requester has a legitimate relationship to the supplied ID. This makes it possible for unauthenticated attackers to read and modify arbitrary tenants' profile data — including name, email address, phone number, physical address, and SSN — by supplying an enumerated userId value in a crafted request to either handler.
{
"affected": [],
"aliases": [
"CVE-2026-9185"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T05:16:41Z",
"severity": "HIGH"
},
"details": "The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_profile` AJAX actions. This is due to the `six_storage_getUserInfo()` and `six_storage_updateProfile()` functions being registered on `wp_ajax_nopriv_*` hooks and accepting a tenant identifier directly from `$_POST[\u0027userId\u0027]` without performing any ownership verification, session binding, or nonce validation to confirm the requester has a legitimate relationship to the supplied ID. This makes it possible for unauthenticated attackers to read and modify arbitrary tenants\u0027 profile data \u2014 including name, email address, phone number, physical address, and SSN \u2014 by supplying an enumerated `userId` value in a crafted request to either handler.",
"id": "GHSA-q4cx-mm7j-89xj",
"modified": "2026-06-09T06:31:59Z",
"published": "2026-06-09T06:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9185"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.20.2/inc/Base/Six_Storage_DashboardController.php#L11"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.20.2/inc/Base/Six_Storage_DashboardController.php#L1931"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.20.2/inc/Base/Six_Storage_DashboardController.php#L1955"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.20.2/inc/Base/Six_Storage_DashboardController.php#L995"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.20.2/inc/Base/Six_Storage_DashboardController.php#L998"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.22.0/inc/Base/Six_Storage_DashboardController.php#L11"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.22.0/inc/Base/Six_Storage_DashboardController.php#L1931"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.22.0/inc/Base/Six_Storage_DashboardController.php#L1955"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.22.0/inc/Base/Six_Storage_DashboardController.php#L995"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/6storage-rentals/tags/2.22.0/inc/Base/Six_Storage_DashboardController.php#L998"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74fa4240-6f62-4db6-b7e7-56998fc29e42?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q552-8MHX-P6Q2
Vulnerability from github – Published: 2025-02-26 21:30 – Updated: 2025-03-05 00:30SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.
{
"affected": [],
"aliases": [
"CVE-2024-50689"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T21:15:17Z",
"severity": "CRITICAL"
},
"details": "SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model.",
"id": "GHSA-q552-8mhx-p6q2",
"modified": "2025-03-05T00:30:33Z",
"published": "2025-02-26T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50689"
},
{
"type": "WEB",
"url": "https://en.sungrowpower.com/security-notice-detail-2/6116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q5P4-G7M4-MHV3
Vulnerability from github – Published: 2026-03-11 12:31 – Updated: 2026-03-11 12:31The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the store_settings() method in the ExactMetrics_Onboarding class accepting a user-supplied triggered_by parameter that is used instead of the current user's ID to check permissions. This makes it possible for authenticated attackers with the exactmetrics_save_settings capability to bypass the install_plugins capability check by specifying an administrator's user ID in the triggered_by parameter, allowing them to install arbitrary plugins and achieve Remote Code Execution. This vulnerability only affects sites on which administrator has given other user types the permission to view reports and can only be exploited by users of that type.
{
"affected": [],
"aliases": [
"CVE-2026-1992"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T10:16:13Z",
"severity": "HIGH"
},
"details": "The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a user-supplied `triggered_by` parameter that is used instead of the current user\u0027s ID to check permissions. This makes it possible for authenticated attackers with the `exactmetrics_save_settings` capability to bypass the `install_plugins` capability check by specifying an administrator\u0027s user ID in the `triggered_by` parameter, allowing them to install arbitrary plugins and achieve Remote Code Execution. This vulnerability only affects sites on which administrator has given other user types the permission to view reports and can only be exploited by users of that type.",
"id": "GHSA-q5p4-g7m4-mhv3",
"modified": "2026-03-11T12:31:22Z",
"published": "2026-03-11T12:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1992"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/google-analytics-dashboard-for-wp/trunk/includes/admin/class-exactmetrics-onboarding.php#L273"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3473805/google-analytics-dashboard-for-wp/trunk/includes/admin/class-exactmetrics-onboarding.php?old=3309894\u0026old_path=google-analytics-dashboard-for-wp%2Ftrunk%2Fincludes%2Fadmin%2Fclass-exactmetrics-onboarding.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79b6b896-df66-4c3d-a4d4-d3dbeb630134?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q658-FH2M-CGVF
Vulnerability from github – Published: 2024-02-06 00:30 – Updated: 2026-04-08 21:32The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.
{
"affected": [],
"aliases": [
"CVE-2024-0366"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T22:16:00Z",
"severity": "MODERATE"
},
"details": "The Starbox \u2013 the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.",
"id": "GHSA-q658-fh2m-cgvf",
"modified": "2026-04-08T21:32:12Z",
"published": "2024-02-06T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0366"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1\u0026old=3000701\u0026old_path=%2Fstarbox%2Ftrunk"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1\u0026old=3000701\u0026old_path=/starbox/trunk"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6MX-QVHP-FQMG
Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-16 21:30n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the externalSecret:list scope can embed external secret references into credentials in forms the static validation does not detect; these references resolve at workflow execution time, exposing secret values the user is not authorized to access. This issue only affects instances where an external secrets provider is configured and Advanced Permissions are in use.
{
"affected": [],
"aliases": [
"CVE-2026-59259"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T12:18:17Z",
"severity": "MODERATE"
},
"details": "n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the externalSecret:list scope can embed external secret references into credentials in forms the static validation does not detect; these references resolve at workflow execution time, exposing secret values the user is not authorized to access. This issue only affects instances where an external secrets provider is configured and Advanced Permissions are in use.",
"id": "GHSA-q6mx-qvhp-fqmg",
"modified": "2026-07-16T21:30:33Z",
"published": "2026-07-15T12:32:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jp7m-xcgx-57qm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59259"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/n8n-permission-bypass-via-expression-parser-mismatch-in-external-secrets"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.