Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5556 vulnerabilities reference this CWE, most recent first.

GHSA-MWJM-9R99-F56X

Vulnerability from github – Published: 2026-01-28 18:30 – Updated: 2026-01-28 18:30
VLAI
Details

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-28T18:16:47Z",
    "severity": "HIGH"
  },
  "details": "M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.",
  "id": "GHSA-mwjm-9r99-f56x",
  "modified": "2026-01-28T18:30:48Z",
  "published": "2026-01-28T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36969"
    },
    {
      "type": "WEB",
      "url": "https://mmonit.com"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49080"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/mmonit-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MWJM-GCCR-V3QM

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8633"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka \"Windows Error Reporting Elevation of Privilege Vulnerability\".",
  "id": "GHSA-mwjm-gccr-v3qm",
  "modified": "2022-05-13T01:47:40Z",
  "published": "2022-05-13T01:47:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8633"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100069"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039102"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MWRV-7784-J7W2

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-22T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-mwrv-7784-j7w2",
  "modified": "2022-05-24T17:42:47Z",
  "published": "2022-05-24T17:42:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11282"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MWWV-V58H-QCVW

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-06-27 21:30
VLAI
Details

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-11T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.",
  "id": "GHSA-mwwv-v58h-qcvw",
  "modified": "2023-06-27T21:30:44Z",
  "published": "2022-02-12T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23433"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MX26-3RQJ-88Q7

Vulnerability from github – Published: 2022-08-04 00:00 – Updated: 2022-08-10 00:00
VLAI
Details

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-03T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.",
  "id": "GHSA-mx26-3rqj-88q7",
  "modified": "2022-08-10T00:00:20Z",
  "published": "2022-08-04T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36800"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-11900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MX47-6497-3FV2

Vulnerability from github – Published: 2024-05-14 22:22 – Updated: 2026-01-16 21:58
VLAI
Summary
Grafana account takeover via OAuth vulnerability
Details

Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana.

Release v.9.0.3, containing this security fix and other patches:

Release v.8.5.9, containing this security fix and other fixes:

Release v.8.4.10, containing this security fix and other fixes:

Release v.8.3.10, containing this security fix and other fixes:

Grafana account takeover via OAuth vulnerability (CVE-2022-31107)

Summary

On June 27 the HTTPVoid team contacted Grafana Labs to disclose a Grafana account takeover via an OAuth vulnerability.

We believe that this vulnerability is rated at CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L).

Impact

It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.

Affected versions with HIGH severity

All Grafana >=5.3 versions are affected by this vulnerability.

Solutions and mitigations

All installations after Grafana v5.3 should be upgraded as soon as possible.

As a workaround it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.

Appropriate patches have been applied to Grafana Cloud and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.

Timeline

Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC.

2022-06-27 19:00 - Research submission of vulnerability report 2022-06-27 20:53 - Issue triaged, confirmed positive, and internal incident raised 2022-06-28 08:42 - Fix PR submitted and reviewed 2022-06-28 20:58 - All Grafana Cloud hosted Grafana instances patched 2022-07-05 07:14 - Customers informed under embargo 2022-07-14 02:00 - Public release

Acknowledgement

We would like to thank the HTTPVoid team for responsibly disclosing the vulnerability.

Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

Security announcements

We maintain a security category on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our RSS feed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.3.0-beta1"
            },
            {
              "fixed": "8.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.4.0"
            },
            {
              "fixed": "8.4.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.5.0"
            },
            {
              "fixed": "8.5.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/grafana"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T22:22:35Z",
    "nvd_published_at": "2022-07-15T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana.\n\nRelease v.9.0.3, containing this security fix and other patches:\n\n- [Download Grafana 9.0.3](https://grafana.com/grafana/download/9.0.3)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/)\n\nRelease v.8.5.9, containing this security fix and other fixes:\n\n- [Download Grafana 8.5.9](https://grafana.com/grafana/download/8.5.9)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/)\n\nRelease v.8.4.10, containing this security fix and other fixes:\n\n- [Download Grafana 8.4.10](https://grafana.com/grafana/download/8.4.10)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/)\n\nRelease v.8.3.10, containing this security fix and other fixes:\n\n- [Download Grafana 8.3.10](https://grafana.com/grafana/download/8.3.10)\n\n## Grafana account takeover via OAuth vulnerability ([CVE-2022-31107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31107))\n\n### Summary\nOn June 27 the HTTPVoid team contacted Grafana Labs to disclose a Grafana account takeover via an OAuth vulnerability.\n\nWe believe that this vulnerability is rated at CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L). \n\n### Impact\nIt is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.\n\n### Affected versions with HIGH severity \nAll Grafana \u003e=5.3 versions are affected by this vulnerability.\n\n### Solutions and mitigations\n\nAll installations after Grafana v5.3 should be upgraded as soon as possible.\n\nAs a workaround it is possible to [disable any OAuth login](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/) or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n\nAppropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.\n\n### Timeline\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n2022-06-27 19:00 - Research submission of vulnerability report\n2022-06-27 20:53 - Issue triaged, confirmed positive, and internal incident raised\n2022-06-28 08:42 - Fix PR submitted and reviewed\n2022-06-28 20:58 - All Grafana Cloud hosted Grafana instances patched\n2022-07-05 07:14 - Customers informed under embargo\n2022-07-14 02:00 - Public release\n\n### Acknowledgement\n\nWe would like to thank the HTTPVoid team for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs\u0027 open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).",
  "id": "GHSA-mx47-6497-3fv2",
  "modified": "2026-01-16T21:58:04Z",
  "published": "2024-05-14T22:22:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/grafana"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220901-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Grafana account takeover via OAuth vulnerability"
}

GHSA-MX69-86H6-R53C

Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-10-15 21:30
VLAI
Details

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T20:15:19Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface).  Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as  unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
  "id": "GHSA-mx69-86h6-r53c",
  "modified": "2024-10-15T21:30:39Z",
  "published": "2024-10-15T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21275"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MXCH-5FF5-JP4W

Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12
VLAI
Details

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.",
  "id": "GHSA-mxch-5ff5-jp4w",
  "modified": "2022-05-24T17:12:53Z",
  "published": "2022-05-24T17:12:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10952"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/categories/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MXGX-9CVP-M653

Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-14 18:31
VLAI
Details

Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T21:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.",
  "id": "GHSA-mxgx-9cvp-m653",
  "modified": "2025-01-14T18:31:55Z",
  "published": "2025-01-09T21:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13290"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MXJ6-X52W-4G7M

Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 18:30
VLAI
Details

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T03:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.",
  "id": "GHSA-mxj6-x52w-4g7m",
  "modified": "2025-06-02T18:30:42Z",
  "published": "2025-06-02T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20674"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/June-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.