Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5504 vulnerabilities reference this CWE, most recent first.

GHSA-J285-2PFR-PHWH

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01
VLAI
Details

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:44:00Z",
    "severity": "HIGH"
  },
  "details": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the \".debug_command.config\" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the \"/api/appInternals/1.0/agent/configuration\" API to map the corresponding ID to a command to be executed.",
  "id": "GHSA-j285-2pfr-phwh",
  "modified": "2022-03-17T00:01:47Z",
  "published": "2022-03-11T00:02:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42855"
    },
    {
      "type": "WEB",
      "url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2CH-2MCC-VPWR

Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01
VLAI
Details

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-30T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.",
  "id": "GHSA-j2ch-2mcc-vpwr",
  "modified": "2022-09-07T00:01:53Z",
  "published": "2022-08-31T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37176"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/drive/folders/1L6ojSooP8sbZLQYRsAxlb0IWVAZef8Z7?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "http://ac6ac1200.com"
    },
    {
      "type": "WEB",
      "url": "http://tenda.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2CM-6MGM-V7V4

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05
VLAI
Details

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-09T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",
  "id": "GHSA-j2cm-6mgm-v7v4",
  "modified": "2022-05-13T01:05:21Z",
  "published": "2022-05-13T01:05:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3887"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2703"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2741"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-3887"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695044"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3979-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3980-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3980-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107850"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2FF-Q83X-C7PM

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-07-13 00:01
VLAI
Details

In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37604"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.",
  "id": "GHSA-j2ff-q83x-c7pm",
  "modified": "2022-07-13T00:01:34Z",
  "published": "2022-05-24T19:10:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37604"
    },
    {
      "type": "WEB",
      "url": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads"
    },
    {
      "type": "WEB",
      "url": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol"
    },
    {
      "type": "WEB",
      "url": "https://www.microchip.com/product-change-notifications/#"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2P9-482V-5WJ6

Vulnerability from github – Published: 2024-02-09 06:32 – Updated: 2025-06-10 21:31
VLAI
Details

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-09T04:15:08Z",
    "severity": "HIGH"
  },
  "details": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.",
  "id": "GHSA-j2p9-482v-5wj6",
  "modified": "2025-06-10T21:31:18Z",
  "published": "2024-02-09T06:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51761"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
    },
    {
      "type": "WEB",
      "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2PQ-22JJ-4PM5

Vulnerability from github – Published: 2024-12-12 19:23 – Updated: 2024-12-12 19:23
VLAI
Summary
XWiki allows remote code execution through the extension sheet
Details

Impact

On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type ExtensionCode.ExtensionClass. Set the description to {{async}}{{groovy}}println("Hello from Description"){{/groovy}}{{/async}} and press Save and View. If the description displays as Hello from Description without any error, then the instance is vulnerable.

Patches

This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.

Workarounds

Since Extension Repository Application is not mandatory, it can be safely disabled on instances that do not use it. It is also possible to manually apply this patch to the page ExtensionCode.ExtensionSheet, as well as this patch to the page ExtensionCode.ExtensionAuthorsDisplayer.

References

  • https://jira.xwiki.org/browse/XWIKI-21890
  • https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3-milestone-1"
            },
            {
              "fixed": "15.10.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.0.0-rc-1"
            },
            {
              "fixed": "16.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-55662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863",
      "CWE-94",
      "CWE-96"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-12T19:23:04Z",
    "nvd_published_at": "2024-12-12T18:15:27Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nOn instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server.\nIn order to reproduce on an instance, as a normal user without `script` nor `programming` rights, go to your profile and add an object of type `ExtensionCode.ExtensionClass`. Set the description to `{{async}}{{groovy}}println(\"Hello from Description\"){{/groovy}}{{/async}}` and press `Save and View`. If the description displays as `Hello from Description` without any error, then the instance is vulnerable.\n\n### Patches\nThis vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.\n\n### Workarounds\nSince `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it.\nIt is also possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-9b6f9e853f23d76611967737f8c4072ffceaba4c006ca5a5e65b66d988dc084a) to the page `ExtensionCode.ExtensionSheet`, as well as [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-d571404d94fa27360cfee64f2a11d8c819b397529db275e005606b7356610f82) to the page `ExtensionCode.ExtensionAuthorsDisplayer`.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21890\n* https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
  "id": "GHSA-j2pq-22jj-4pm5",
  "modified": "2024-12-12T19:23:04Z",
  "published": "2024-12-12T19:23:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55662"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21890"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki allows remote code execution through the extension sheet"
}

GHSA-J2R7-3RVW-G7GX

Vulnerability from github – Published: 2023-07-12 12:31 – Updated: 2023-07-12 17:30
VLAI
Summary
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
Details

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.

The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.

There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.

2.8 Pulsar Broker users and earlier are unaffected. 2.9 Pulsar Broker users should upgrade to one of the patched versions. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pulsar:pulsar-broker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.pulsar:pulsar-broker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.11.0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.11.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-30428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-12T17:30:13Z",
    "nvd_published_at": "2023-07-12T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker\u0027s Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker\u0027s admin role.\nThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\n\nThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\n\nThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\n\n2.8 Pulsar Broker users and earlier are unaffected.\n2.9 Pulsar Broker users should upgrade to one of the patched versions.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\n\n",
  "id": "GHSA-j2r7-3rvw-g7gx",
  "modified": "2023-07-12T17:30:13Z",
  "published": "2023-07-12T12:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30428"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/pulsar"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Pulsar Broker\u0027s Rest Producer vulnerable to Incorrect Authorization"
}

GHSA-J2VM-WRQ3-F7GF

Vulnerability from github – Published: 2025-12-17 20:52 – Updated: 2025-12-20 05:13
VLAI
Summary
Auth0-PHP SDK has Improper Audience Validation
Details

Description

In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens.

Affected product and versions

Projects are affected if they meet the following preconditions:

  • Applications using the Auth0-PHP SDK, versions between v8.0.0 and v8.17.0, or
  • Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0:
    • a. Auth0/symfony,
    • b. Auth0/laravel-auth0,
    • c. Auth0/wordpress.

Resolution

Upgrade Auth0/Auth0-PHP to version 8.18.0 or greater.

Acknowledgement

Okta would like to thank Jafar Sadiq (iaf4r) for their discovery and responsible disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "auth0/auth0-php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-17T20:52:43Z",
    "nvd_published_at": "2025-12-17T22:16:01Z",
    "severity": "MODERATE"
  },
  "details": "### Description\nIn applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens.\n### Affected product and versions\nProjects are affected if they meet the following preconditions:\n\n- Applications using the Auth0-PHP SDK, versions between v8.0.0 and v8.17.0, or\n- Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0:\n    - a. Auth0/symfony,\n    - b. Auth0/laravel-auth0,\n    - c. Auth0/wordpress.\n\n### Resolution\nUpgrade Auth0/Auth0-PHP to version 8.18.0 or greater.\n\n### Acknowledgement\nOkta would like to thank Jafar Sadiq (iaf4r) for their discovery and responsible disclosure.",
  "id": "GHSA-j2vm-wrq3-f7gf",
  "modified": "2025-12-20T05:13:26Z",
  "published": "2025-12-17T20:52:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/auth0/auth0-PHP"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/auth0-PHP/releases/tag/8.18.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/laravel-auth0/releases/tag/7.20.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/symfony/releases/tag/5.6.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/wordpress/releases/tag/5.5.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Auth0-PHP SDK has Improper Audience Validation"
}

GHSA-J334-HJ6G-M96M

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23
VLAI
Details

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15780"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
  "id": "GHSA-j334-hj6g-m96m",
  "modified": "2022-05-24T17:23:44Z",
  "published": "2022-05-24T17:23:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15780"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354"
    },
    {
      "type": "WEB",
      "url": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4425-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4426-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4439-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4440-1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/06/15/3"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/20/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/30/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/30/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J338-J4PX-HXP4

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:36
VLAI
Details

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.",
  "id": "GHSA-j338-j4px-hxp4",
  "modified": "2024-04-04T02:36:10Z",
  "published": "2022-05-24T17:00:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5533"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.