CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5494 vulnerabilities reference this CWE, most recent first.
GHSA-HQGG-Q83J-H468
Vulnerability from github – Published: 2025-08-26 12:30 – Updated: 2025-08-26 12:30An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.
{
"affected": [],
"aliases": [
"CVE-2025-1501"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T11:15:31Z",
"severity": "MODERATE"
},
"details": "An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges.\u00a0An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.",
"id": "GHSA-hqgg-q83j-h468",
"modified": "2025-08-26T12:30:23Z",
"published": "2025-08-26T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1501"
},
{
"type": "WEB",
"url": "https://security.nozominetworks.com/NN-2025:3-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HQGR-XF2J-75R5
Vulnerability from github – Published: 2025-05-22 21:30 – Updated: 2025-05-22 21:30An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges.
This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.
{
"affected": [],
"aliases": [
"CVE-2024-6914"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T19:15:42Z",
"severity": "CRITICAL"
},
"details": "An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges.\n\nThis vulnerability is exploitable only through the account recovery SOAP admin services exposed via the \"/services\" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the \"Security Guidelines for Production Deployment\" by disabling exposure to untrusted networks.",
"id": "GHSA-hqgr-xf2j-75r5",
"modified": "2025-05-22T21:30:47Z",
"published": "2025-05-22T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6914"
},
{
"type": "WEB",
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3561"
},
{
"type": "WEB",
"url": "https://security.docs.wso2.com/en/latest/security-guidelines/security-guidelines-for-production-deployment"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQPJ-F3JH-29VX
Vulnerability from github – Published: 2026-05-18 09:31 – Updated: 2026-06-01 15:53Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a crafted invite confirmation with a RefreshedToken matching the original token. Mattermost Advisory ID: MMSA-2026-00575
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.5.0"
},
{
"fixed": "11.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0"
},
{
"fixed": "10.11.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20260313190740-742e0be95074"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.2-0.20260313190740-742e0be95074"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-4273"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-01T15:53:25Z",
"nvd_published_at": "2026-05-18T08:16:14Z",
"severity": "LOW"
},
"details": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a crafted invite confirmation with a RefreshedToken matching the original token. Mattermost Advisory ID: MMSA-2026-00575",
"id": "GHSA-hqpj-f3jh-29vx",
"modified": "2026-06-01T15:53:25Z",
"published": "2026-05-18T09:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4273"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/742e0be9507454a7e662668e1d9ec1b94b636e9b"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost doesn\u0027t validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation"
}
GHSA-HQQ5-5427-9HVF
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-07-10 00:00MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.
{
"affected": [],
"aliases": [
"CVE-2021-37791"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.",
"id": "GHSA-hqq5-5427-9hvf",
"modified": "2022-07-10T00:00:48Z",
"published": "2022-07-01T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37791"
},
{
"type": "WEB",
"url": "https://github.com/cdfan/my-admin/issues/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HQRF-67PM-WGFQ
Vulnerability from github – Published: 2025-09-24 18:57 – Updated: 2025-10-23 20:12Overview
Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access.
In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within that same block.
From Omni's perspective, this is a WireGuard interface with multiple peers, where each peer corresponds to a Talos machine. The WireGuard interface on Omni is configured to ensure that the source IP address of an incoming packet matches the IPv6 address assigned to the Talos peer. However, it performs no validation on the packet's destination address.
The Talos end of the SideroLink connection cannot be considered a trusted environment. Workloads running on Kubernetes, especially those configured with host networking, could gain direct access to this link. Therefore, a malicious workload could theoretically send arbitrary packets over the SideroLink interface.
Impact
This vulnerability creates two distinct attack scenarios based on Omni's IP forwarding configuration.
-
IP Forwarding Disabled (Default) If
IP forwardingis disabled, an attacker on a Talos machine can send packets over SideroLink to any listening service on Omni itself (e.g., an internal API). If Omni is running in host networking mode, any service on the host machine could also be targeted. While this is the default configuration, Omni does not enforce it. -
IP Forwarding Enabled If
IP forwardingis enabled, an attacker on a Talos machine can communicate with other machines connected to Omni or route packets deeper into Omni's network. Although this is not the default configuration, Omni does not check for or prevent this state.
Patches
The problem has been fixed in Omni >= 0.48.0, the commit is https://github.com/siderolabs/omni/commit/a5efd816a239e6c9e5ea7c0d43c02c04504d7b60
Workarounds
Disable IP forwarding, implement strict firewall rules.
References
None
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siderolabs/omni"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.48.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59824"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-24T18:57:19Z",
"nvd_published_at": "2025-09-24T20:15:33Z",
"severity": "LOW"
},
"details": "## Overview\n\nOmni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access.\n\nIn this setup, Omni assigns a random IPv6 address to each Talos machine from a `/64` network block. Omni itself uses the fixed `::1` address within that same block.\n\nFrom Omni\u0027s perspective, this is a WireGuard interface with multiple peers, where each peer corresponds to a Talos machine. The WireGuard interface on Omni is configured to ensure that the **source IP address** of an incoming packet matches the IPv6 address assigned to the Talos peer. However, it **performs no validation on the packet\u0027s destination address**.\n\nThe Talos end of the SideroLink connection cannot be considered a trusted environment. Workloads running on Kubernetes, especially those configured with host networking, could gain direct access to this link. Therefore, a malicious workload could theoretically send arbitrary packets over the SideroLink interface.\n\n---\n\n## Impact\n\nThis vulnerability creates two distinct attack scenarios based on Omni\u0027s `IP forwarding` configuration.\n\n1. **IP Forwarding Disabled (Default)**\n If `IP forwarding` is disabled, an attacker on a Talos machine can send packets over SideroLink to any listening service on Omni itself (e.g., an internal API). If Omni is running in host networking mode, any service on the host machine could also be targeted. While this is the default configuration, Omni does not enforce it.\n\n2. **IP Forwarding Enabled**\n If `IP forwarding` is enabled, an attacker on a Talos machine can communicate with other machines connected to Omni or route packets deeper into Omni\u0027s network. Although this is not the default configuration, Omni does not check for or prevent this state.\n\n### Patches\n\nThe problem has been fixed in Omni \u003e= [0.48.0](https://github.com/siderolabs/omni/releases/tag/v0.48.0), the commit is https://github.com/siderolabs/omni/commit/a5efd816a239e6c9e5ea7c0d43c02c04504d7b60\n\n### Workarounds\n\nDisable IP forwarding, implement strict firewall rules.\n\n### References\n\nNone",
"id": "GHSA-hqrf-67pm-wgfq",
"modified": "2025-10-23T20:12:50Z",
"published": "2025-09-24T18:57:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siderolabs/omni/security/advisories/GHSA-hqrf-67pm-wgfq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59824"
},
{
"type": "WEB",
"url": "https://github.com/siderolabs/omni/commit/a5efd816a239e6c9e5ea7c0d43c02c04504d7b60"
},
{
"type": "PACKAGE",
"url": "https://github.com/siderolabs/omni"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3979"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Omni Wireguard SideroLink potential escape"
}
GHSA-HQW3-7CCF-2JM6
Vulnerability from github – Published: 2023-02-16 18:30 – Updated: 2023-02-24 21:30Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
{
"affected": [],
"aliases": [
"CVE-2023-24485"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T18:15:00Z",
"severity": "HIGH"
},
"details": "Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.",
"id": "GHSA-hqw3-7ccf-2jm6",
"modified": "2023-02-24T21:30:21Z",
"published": "2023-02-16T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24485"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HQXW-MM44-GC4R
Vulnerability from github – Published: 2021-08-30 16:16 – Updated: 2022-08-15 20:04Impact
Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio’s URI path based authorization policies.
Patches
- Istio 1.11.1 and above
- Istio 1.10.4 and above
- Istio 1.9.8 and above
Workarounds
A Lua filter may be written to normalize the path. This is similar to the Path normalization presented in the Security Best Practices guide.
References
More details can be found in the Istio Security Bulletin
For more information
If you have any questions or comments about this advisory, please email us at istio-security-vulnerability-reports@googlegroups.com
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "istio.io/istio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "istio.io/istio"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "istio.io/istio"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.11.0"
]
}
],
"aliases": [
"CVE-2021-39156"
],
"database_specific": {
"cwe_ids": [
"CWE-706",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-25T22:28:17Z",
"nvd_published_at": "2021-08-24T23:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nIstio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio\u2019s URI path based authorization policies. \n\n### Patches\n* Istio 1.11.1 and above\n* Istio 1.10.4 and above\n* Istio 1.9.8 and above\n\n### Workarounds\nA Lua filter may be written to normalize the path. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2021-008)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at istio-security-vulnerability-reports@googlegroups.com\n",
"id": "GHSA-hqxw-mm44-gc4r",
"modified": "2022-08-15T20:04:30Z",
"published": "2021-08-30T16:16:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/istio/istio/security/advisories/GHSA-hqxw-mm44-gc4r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39156"
},
{
"type": "PACKAGE",
"url": "https://github.com/istio/istio"
},
{
"type": "WEB",
"url": "https://istio.io/latest/news/security/istio-security-2021-008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Istio Fragments in Path May Lead to Authorization Policy Bypass"
}
GHSA-HR5F-9R38-H32R
Vulnerability from github – Published: 2023-06-12 21:30 – Updated: 2024-04-04 04:44A Mazda model (2015-2016) can be unlocked via an unspecified method.
{
"affected": [],
"aliases": [
"CVE-2023-32219"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-12T21:15:22Z",
"severity": "HIGH"
},
"details": "A Mazda model (2015-2016) can be unlocked via an unspecified method.",
"id": "GHSA-hr5f-9r38-h32r",
"modified": "2024-04-04T04:44:26Z",
"published": "2023-06-12T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32219"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HR5M-VVHF-96CX
Vulnerability from github – Published: 2022-05-14 02:58 – Updated: 2025-04-20 03:47Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2017-10379"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-19T17:29:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
"id": "GHSA-hr5m-vvhf-96cx",
"modified": "2025-04-20T03:47:14Z",
"published": "2022-05-14T02:58:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3265"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3442"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2729"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20171019-0002"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-4002"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101415"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039597"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HR65-WXM7-W4JV
Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2022-10-08 00:00A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
{
"affected": [],
"aliases": [
"CVE-2022-31252"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-06T18:16:00Z",
"severity": "MODERATE"
},
"details": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.",
"id": "GHSA-hr65-wxm7-w4jv",
"modified": "2022-10-08T00:00:20Z",
"published": "2022-10-06T18:52:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31252"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.