CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5517 vulnerabilities reference this CWE, most recent first.
GHSA-JGQJ-5GGG-RGG4
Vulnerability from github – Published: 2026-03-29 15:30 – Updated: 2026-03-29 15:30OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.
{
"affected": [],
"aliases": [
"CVE-2026-32919"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-29T13:17:00Z",
"severity": "MODERATE"
},
"details": "OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.",
"id": "GHSA-jgqj-5ggg-rgg4",
"modified": "2026-03-29T15:30:19Z",
"published": "2026-03-29T15:30:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf6w-m8jw-jfxc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32919"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-session-reset-via-agent-slash-commands"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JGQJ-HR6F-2P53
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-10-27 19:00The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked for the edit_posts capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.
{
"affected": [],
"aliases": [
"CVE-2021-38312"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-02T17:15:00Z",
"severity": "HIGH"
},
"details": "The Gutenberg Template Library \u0026 Redux Framework plugin \u003c= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the \u201credux/v1/templates/\u201d REST Route in \u201credux-templates/classes/class-api.php\u201d. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.",
"id": "GHSA-jgqj-hr6f-2p53",
"modified": "2022-10-27T19:00:39Z",
"published": "2022-05-24T22:28:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38312"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGW5-RV3F-4326
Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.
{
"affected": [],
"aliases": [
"CVE-2022-29633"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T20:15:00Z",
"severity": "CRITICAL"
},
"details": "An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.",
"id": "GHSA-jgw5-rv3f-4326",
"modified": "2022-06-09T00:00:22Z",
"published": "2022-05-27T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29633"
},
{
"type": "WEB",
"url": "https://github.com/awake1t/linglong"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGWH-R9RP-8372
Vulnerability from github – Published: 2023-08-09 21:30 – Updated: 2024-04-04 06:45KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
{
"affected": [],
"aliases": [
"CVE-2023-33468"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-09T20:15:10Z",
"severity": "CRITICAL"
},
"details": "KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.",
"id": "GHSA-jgwh-r9rp-8372",
"modified": "2024-04-04T06:45:49Z",
"published": "2023-08-09T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33468"
},
{
"type": "WEB",
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
},
{
"type": "WEB",
"url": "http://kramerav.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JH36-7VGG-MWM2
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-07-13 00:01An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
{
"affected": [],
"aliases": [
"CVE-2021-40104"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T12:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.",
"id": "GHSA-jh36-7vgg-mwm2",
"modified": "2022-07-13T00:01:39Z",
"published": "2022-05-24T19:15:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40104"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1102088"
},
{
"type": "WEB",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHC8-V2X5-JVJ5
Vulnerability from github – Published: 2024-06-12 09:30 – Updated: 2024-06-27 03:30A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.
In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.
{
"affected": [],
"aliases": [
"CVE-2024-2698"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T08:15:50Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the \"forwardable\" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.\n\nIn FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.",
"id": "GHSA-jhc8-v2x5-jvj5",
"modified": "2024-06-27T03:30:55Z",
"published": "2024-06-12T09:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3754"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3755"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3759"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-2698"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270353"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI"
},
{
"type": "WEB",
"url": "https://www.freeipa.org/release-notes/4-12-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHCX-MW62-QXXM
Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-17 06:30In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
{
"affected": [],
"aliases": [
"CVE-2022-42978"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T01:15:00Z",
"severity": "HIGH"
},
"details": "In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.",
"id": "GHSA-jhcx-mw62-qxxm",
"modified": "2022-11-17T06:30:20Z",
"published": "2022-11-15T12:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42978"
},
{
"type": "WEB",
"url": "https://gist.github.com/CveCt0r/34251664a511f1045ce6a5492e94eec1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHFM-VPJ4-VJ2F
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2023-06-27 21:30An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2022-21825"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "HIGH"
},
"details": "An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.",
"id": "GHSA-jhfm-vpj4-vj2f",
"modified": "2023-06-27T21:30:44Z",
"published": "2022-02-11T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21825"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX338435"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHJC-78HV-55V9
Vulnerability from github – Published: 2023-02-09 21:30 – Updated: 2023-02-21 18:30Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
{
"affected": [],
"aliases": [
"CVE-2023-21424"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-09T19:15:00Z",
"severity": "LOW"
},
"details": "Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.",
"id": "GHSA-jhjc-78hv-55v9",
"modified": "2023-02-21T18:30:25Z",
"published": "2023-02-09T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21424"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHP7-5V8Q-5544
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2023-05-16 21:30Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).
{
"affected": [],
"aliases": [
"CVE-2021-35526"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T16:15:00Z",
"severity": "HIGH"
},
"details": "Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager \u2013 SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager \u2013 SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).",
"id": "GHSA-jhp7-5v8q-5544",
"modified": "2023-05-16T21:30:17Z",
"published": "2022-05-24T22:28:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35526"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?utm_campaign=\u0026utm_content=2021.08_5051_Cybersecurity%20Advisory%3A\u0026utm_medium=email\u0026utm_source=Eloqua\u0026DocumentID=9AKK107992A4700\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqTrackId=ba79ef3d8aec4a4fad6c0cbe06d33d6c\u0026elq=1bda419954724e908db108def16646a5\u0026elqaid=3638\u0026elqat=1\u0026elqCampaignId="
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.