CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5504 vulnerabilities reference this CWE, most recent first.
GHSA-GF98-QC2V-6XVH
Vulnerability from github – Published: 2024-10-09 06:30 – Updated: 2024-10-10 00:31Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).
{
"affected": [],
"aliases": [
"CVE-2024-45160"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T05:15:13Z",
"severity": "CRITICAL"
},
"details": "Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).",
"id": "GHSA-gf98-qc2v-6xvh",
"modified": "2024-10-10T00:31:05Z",
"published": "2024-10-09T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45160"
},
{
"type": "WEB",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2"
},
{
"type": "WEB",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7"
},
{
"type": "WEB",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d"
},
{
"type": "WEB",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223"
},
{
"type": "WEB",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GF9W-RF5F-3WCR
Vulnerability from github – Published: 2022-04-01 00:00 – Updated: 2022-04-07 00:00In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.
{
"affected": [],
"aliases": [
"CVE-2021-38362"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T22:15:00Z",
"severity": "MODERATE"
},
"details": "In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.",
"id": "GHSA-gf9w-rf5f-3wcr",
"modified": "2022-04-07T00:00:28Z",
"published": "2022-04-01T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38362"
},
{
"type": "WEB",
"url": "https://github.com/fireeye/Vulnerability-Disclosures"
},
{
"type": "WEB",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0021/MNDT-2022-0021.md"
},
{
"type": "WEB",
"url": "https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFCP-5456-7Q6C
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2025-04-29 15:31D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface.
{
"affected": [],
"aliases": [
"CVE-2022-36785"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-17T23:15:00Z",
"severity": "HIGH"
},
"details": "D-Link \u2013 G integrated Access Device4 Information Disclosure \u0026 Authorization Bypass. *Information Disclosure \u2013 file contains a URL with private IP at line 15 \"login.asp\" A. The window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ; \"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at *Authorization Bypass \u2013 URL by \"setupWizard.asp\u0027 while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface.",
"id": "GHSA-gfcp-5456-7q6c",
"modified": "2025-04-29T15:31:14Z",
"published": "2023-07-06T19:24:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36785"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFFH-92VM-W5GF
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:52A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.
{
"affected": [],
"aliases": [
"CVE-2020-3229"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.",
"id": "GHSA-gffh-92vm-w5gf",
"modified": "2024-04-04T02:52:44Z",
"published": "2022-05-24T17:19:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3229"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GFHF-42QR-7PGH
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and allow-authorization-extensions is set to false unless user change /etc/puppetlabs/puppetserver/conf.d/ca.conf configuration explicitly.
{
"affected": [],
"aliases": [
"CVE-2021-3469"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-03T20:15:00Z",
"severity": "MODERATE"
},
"details": "Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly.",
"id": "GHSA-gfhf-42qr-7pgh",
"modified": "2022-05-24T19:03:57Z",
"published": "2022-05-24T19:03:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3469"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943630"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GFM8-GR5X-C42H
Vulnerability from github – Published: 2023-12-26 15:30 – Updated: 2024-01-04 18:30Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
{
"affected": [],
"aliases": [
"CVE-2023-49949"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-26T14:15:07Z",
"severity": "HIGH"
},
"details": "Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.",
"id": "GHSA-gfm8-gr5x-c42h",
"modified": "2024-01-04T18:30:20Z",
"published": "2023-12-26T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49949"
},
{
"type": "WEB",
"url": "https://acribia.ru/articles/2fa_bypass_passwork"
},
{
"type": "WEB",
"url": "https://passwork.ru"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFRC-X46R-5MPJ
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
{
"affected": [],
"aliases": [
"CVE-2020-13275"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-19T22:15:00Z",
"severity": "MODERATE"
},
"details": "A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1",
"id": "GHSA-gfrc-x46r-5mpj",
"modified": "2022-05-24T17:21:19Z",
"published": "2022-05-24T17:21:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13275"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/806255"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209254"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GFWX-7F38-2397
Vulnerability from github – Published: 2021-12-14 00:00 – Updated: 2021-12-17 00:00Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group templates
{
"affected": [],
"aliases": [
"CVE-2021-39930"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user\u0027s custom project and group templates",
"id": "GHSA-gfwx-7f38-2397",
"modified": "2021-12-17T00:00:50Z",
"published": "2021-12-14T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39930"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/475240"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39930.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/26103"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GG23-WPG2-G99P
Vulnerability from github – Published: 2025-06-19 12:30 – Updated: 2025-06-19 12:30The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
{
"affected": [],
"aliases": [
"CVE-2025-5071"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-19T10:15:22Z",
"severity": "HIGH"
},
"details": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the \u0027Meow_MWAI_Labs_MCP::can_access_mcp\u0027 function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like \u0027wp_create_user\u0027, \u0027wp_update_user\u0027 and \u0027wp_update_option\u0027, which can be used for privilege escalation, and \u0027wp_update_post\u0027, \u0027wp_delete_post\u0027, \u0027wp_update_comment\u0027 and \u0027wp_delete_comment\u0027, which can be used to edit and delete posts and comments.",
"id": "GHSA-gg23-wpg2-g99p",
"modified": "2025-06-19T12:30:34Z",
"published": "2025-06-19T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5071"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG2H-RXJC-7JX5
Vulnerability from github – Published: 2023-07-05 12:30 – Updated: 2024-04-04 05:23Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
{
"affected": [],
"aliases": [
"CVE-2021-46890"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T12:15:09Z",
"severity": "CRITICAL"
},
"details": "Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.",
"id": "GHSA-gg2h-rxjc-7jx5",
"modified": "2024-04-04T05:23:24Z",
"published": "2023-07-05T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46890"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/7"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.