CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5504 vulnerabilities reference this CWE, most recent first.
GHSA-J285-2PFR-PHWH
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
{
"affected": [],
"aliases": [
"CVE-2021-42855"
],
"database_specific": {
"cwe_ids": [
"CWE-732",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:44:00Z",
"severity": "HIGH"
},
"details": "It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the \".debug_command.config\" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the \"/api/appInternals/1.0/agent/configuration\" API to map the corresponding ID to a command to be executed.",
"id": "GHSA-j285-2pfr-phwh",
"modified": "2022-03-17T00:01:47Z",
"published": "2022-03-11T00:02:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42855"
},
{
"type": "WEB",
"url": "https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2CH-2MCC-VPWR
Vulnerability from github – Published: 2022-08-31 00:00 – Updated: 2022-09-07 00:01Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.
{
"affected": [],
"aliases": [
"CVE-2022-37176"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-30T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.",
"id": "GHSA-j2ch-2mcc-vpwr",
"modified": "2022-09-07T00:01:53Z",
"published": "2022-08-31T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37176"
},
{
"type": "WEB",
"url": "https://drive.google.com/drive/folders/1L6ojSooP8sbZLQYRsAxlb0IWVAZef8Z7?usp=sharing"
},
{
"type": "WEB",
"url": "http://ac6ac1200.com"
},
{
"type": "WEB",
"url": "http://tenda.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2CM-6MGM-V7V4
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.
{
"affected": [],
"aliases": [
"CVE-2019-3887"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T16:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",
"id": "GHSA-j2cm-6mgm-v7v4",
"modified": "2022-05-13T01:05:21Z",
"published": "2022-05-13T01:05:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3887"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2703"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2741"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2019-3887"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695044"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3979-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3980-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3980-2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107850"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2FF-Q83X-C7PM
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-07-13 00:01In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
{
"affected": [],
"aliases": [
"CVE-2021-37604"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-05T16:15:00Z",
"severity": "HIGH"
},
"details": "In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.",
"id": "GHSA-j2ff-q83x-c7pm",
"modified": "2022-07-13T00:01:34Z",
"published": "2022-05-24T19:10:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37604"
},
{
"type": "WEB",
"url": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.50.0.100-readme.pdf"
},
{
"type": "WEB",
"url": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads"
},
{
"type": "WEB",
"url": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability"
},
{
"type": "WEB",
"url": "https://www.microchip.com/en-us/products/wireless-connectivity/sub-ghz/miwi-protocol"
},
{
"type": "WEB",
"url": "https://www.microchip.com/product-change-notifications/#"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J2P9-482V-5WJ6
Vulnerability from github – Published: 2024-02-09 06:32 – Updated: 2025-06-10 21:31In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
{
"affected": [],
"aliases": [
"CVE-2023-51761"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T04:15:08Z",
"severity": "HIGH"
},
"details": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.",
"id": "GHSA-j2p9-482v-5wj6",
"modified": "2025-06-10T21:31:18Z",
"published": "2024-02-09T06:32:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51761"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
},
{
"type": "WEB",
"url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J2PQ-22JJ-4PM5
Vulnerability from github – Published: 2024-12-12 19:23 – Updated: 2024-12-12 19:23Impact
On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server.
In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type ExtensionCode.ExtensionClass. Set the description to {{async}}{{groovy}}println("Hello from Description"){{/groovy}}{{/async}} and press Save and View. If the description displays as Hello from Description without any error, then the instance is vulnerable.
Patches
This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.
Workarounds
Since Extension Repository Application is not mandatory, it can be safely disabled on instances that do not use it.
It is also possible to manually apply this patch to the page ExtensionCode.ExtensionSheet, as well as this patch to the page ExtensionCode.ExtensionAuthorsDisplayer.
References
- https://jira.xwiki.org/browse/XWIKI-21890
- https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
},
"ranges": [
{
"events": [
{
"introduced": "3.3-milestone-1"
},
{
"fixed": "15.10.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-repository-server-ui"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0-rc-1"
},
{
"fixed": "16.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55662"
],
"database_specific": {
"cwe_ids": [
"CWE-863",
"CWE-94",
"CWE-96"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-12T19:23:04Z",
"nvd_published_at": "2024-12-12T18:15:27Z",
"severity": "CRITICAL"
},
"details": "### Impact\nOn instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server.\nIn order to reproduce on an instance, as a normal user without `script` nor `programming` rights, go to your profile and add an object of type `ExtensionCode.ExtensionClass`. Set the description to `{{async}}{{groovy}}println(\"Hello from Description\"){{/groovy}}{{/async}}` and press `Save and View`. If the description displays as `Hello from Description` without any error, then the instance is vulnerable.\n\n### Patches\nThis vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.\n\n### Workarounds\nSince `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it.\nIt is also possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-9b6f9e853f23d76611967737f8c4072ffceaba4c006ca5a5e65b66d988dc084a) to the page `ExtensionCode.ExtensionSheet`, as well as [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-d571404d94fa27360cfee64f2a11d8c819b397529db275e005606b7356610f82) to the page `ExtensionCode.ExtensionAuthorsDisplayer`.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21890\n* https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
"id": "GHSA-j2pq-22jj-4pm5",
"modified": "2024-12-12T19:23:04Z",
"published": "2024-12-12T19:23:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55662"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "XWiki allows remote code execution through the extension sheet"
}
GHSA-J2R7-3RVW-G7GX
Vulnerability from github – Published: 2023-07-12 12:31 – Updated: 2023-07-12 17:30Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.
The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.
There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.
2.8 Pulsar Broker users and earlier are unaffected. 2.9 Pulsar Broker users should upgrade to one of the patched versions. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.pulsar:pulsar-broker"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.10.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.pulsar:pulsar-broker"
},
"ranges": [
{
"events": [
{
"introduced": "2.11.0"
},
{
"fixed": "2.11.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.11.0"
]
}
],
"aliases": [
"CVE-2023-30428"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-12T17:30:13Z",
"nvd_published_at": "2023-07-12T10:15:09Z",
"severity": "HIGH"
},
"details": "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker\u0027s Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker\u0027s admin role.\nThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\n\nThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\n\nThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\n\n2.8 Pulsar Broker users and earlier are unaffected.\n2.9 Pulsar Broker users should upgrade to one of the patched versions.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\n\n",
"id": "GHSA-j2r7-3rvw-g7gx",
"modified": "2023-07-12T17:30:13Z",
"published": "2023-07-12T12:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30428"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/pulsar"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/v39hqtgrmyxr85rmofwvgrktnflbq3q5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Pulsar Broker\u0027s Rest Producer vulnerable to Incorrect Authorization"
}
GHSA-J2VM-WRQ3-F7GF
Vulnerability from github – Published: 2025-12-17 20:52 – Updated: 2025-12-20 05:13Description
In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens.
Affected product and versions
Projects are affected if they meet the following preconditions:
- Applications using the Auth0-PHP SDK, versions between v8.0.0 and v8.17.0, or
- Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0:
- a. Auth0/symfony,
- b. Auth0/laravel-auth0,
- c. Auth0/wordpress.
Resolution
Upgrade Auth0/Auth0-PHP to version 8.18.0 or greater.
Acknowledgement
Okta would like to thank Jafar Sadiq (iaf4r) for their discovery and responsible disclosure.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "auth0/auth0-php"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68129"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-17T20:52:43Z",
"nvd_published_at": "2025-12-17T22:16:01Z",
"severity": "MODERATE"
},
"details": "### Description\nIn applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens.\n### Affected product and versions\nProjects are affected if they meet the following preconditions:\n\n- Applications using the Auth0-PHP SDK, versions between v8.0.0 and v8.17.0, or\n- Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0:\n - a. Auth0/symfony,\n - b. Auth0/laravel-auth0,\n - c. Auth0/wordpress.\n\n### Resolution\nUpgrade Auth0/Auth0-PHP to version 8.18.0 or greater.\n\n### Acknowledgement\nOkta would like to thank Jafar Sadiq (iaf4r) for their discovery and responsible disclosure.",
"id": "GHSA-j2vm-wrq3-f7gf",
"modified": "2025-12-20T05:13:26Z",
"published": "2025-12-17T20:52:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf"
},
{
"type": "WEB",
"url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h"
},
{
"type": "WEB",
"url": "https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g"
},
{
"type": "WEB",
"url": "https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68129"
},
{
"type": "WEB",
"url": "https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f"
},
{
"type": "WEB",
"url": "https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3"
},
{
"type": "WEB",
"url": "https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479"
},
{
"type": "WEB",
"url": "https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de"
},
{
"type": "PACKAGE",
"url": "https://github.com/auth0/auth0-PHP"
},
{
"type": "WEB",
"url": "https://github.com/auth0/auth0-PHP/releases/tag/8.18.0"
},
{
"type": "WEB",
"url": "https://github.com/auth0/laravel-auth0/releases/tag/7.20.0"
},
{
"type": "WEB",
"url": "https://github.com/auth0/symfony/releases/tag/5.6.0"
},
{
"type": "WEB",
"url": "https://github.com/auth0/wordpress/releases/tag/5.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Auth0-PHP SDK has Improper Audience Validation"
}
GHSA-J334-HJ6G-M96M
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
{
"affected": [],
"aliases": [
"CVE-2020-15780"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-15T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.",
"id": "GHSA-j334-hj6g-m96m",
"modified": "2022-05-24T17:23:44Z",
"published": "2022-05-24T17:23:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15780"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354"
},
{
"type": "WEB",
"url": "https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4425-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4426-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4439-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4440-1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/06/15/3"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/20/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/30/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/30/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J338-J4PX-HXP4
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:36In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
{
"affected": [],
"aliases": [
"CVE-2019-5533"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "MODERATE"
},
"details": "In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.",
"id": "GHSA-j338-j4px-hxp4",
"modified": "2024-04-04T02:36:10Z",
"published": "2022-05-24T17:00:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5533"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.