CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5556 vulnerabilities reference this CWE, most recent first.
GHSA-MWJM-9R99-F56X
Vulnerability from github – Published: 2026-01-28 18:30 – Updated: 2026-01-28 18:30M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
{
"affected": [],
"aliases": [
"CVE-2020-36969"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T18:16:47Z",
"severity": "HIGH"
},
"details": "M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.",
"id": "GHSA-mwjm-9r99-f56x",
"modified": "2026-01-28T18:30:48Z",
"published": "2026-01-28T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36969"
},
{
"type": "WEB",
"url": "https://mmonit.com"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/49080"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/mmonit-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MWJM-GCCR-V3QM
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".
{
"affected": [],
"aliases": [
"CVE-2017-8633"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-08T21:29:00Z",
"severity": "HIGH"
},
"details": "Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka \"Windows Error Reporting Elevation of Privilege Vulnerability\".",
"id": "GHSA-mwjm-gccr-v3qm",
"modified": "2022-05-13T01:47:40Z",
"published": "2022-05-13T01:47:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8633"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100069"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039102"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWRV-7784-J7W2
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2020-11282"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-22T07:15:00Z",
"severity": "HIGH"
},
"details": "Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-mwrv-7784-j7w2",
"modified": "2022-05-24T17:42:47Z",
"published": "2022-05-24T17:42:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11282"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MWWV-V58H-QCVW
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-06-27 21:30Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.
{
"affected": [],
"aliases": [
"CVE-2022-23433"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.",
"id": "GHSA-mwwv-v58h-qcvw",
"modified": "2023-06-27T21:30:44Z",
"published": "2022-02-12T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23433"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MX26-3RQJ-88Q7
Vulnerability from github – Published: 2022-08-04 00:00 – Updated: 2022-08-10 00:00Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
{
"affected": [],
"aliases": [
"CVE-2022-36800"
],
"database_specific": {
"cwe_ids": [
"CWE-732",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-03T03:15:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.",
"id": "GHSA-mx26-3rqj-88q7",
"modified": "2022-08-10T00:00:20Z",
"published": "2022-08-04T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36800"
},
{
"type": "WEB",
"url": "https://jira.atlassian.com/browse/JSDSERVER-11900"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MX47-6497-3FV2
Vulnerability from github – Published: 2024-05-14 22:22 – Updated: 2026-01-16 21:58Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana.
Release v.9.0.3, containing this security fix and other patches:
Release v.8.5.9, containing this security fix and other fixes:
Release v.8.4.10, containing this security fix and other fixes:
Release v.8.3.10, containing this security fix and other fixes:
Grafana account takeover via OAuth vulnerability (CVE-2022-31107)
Summary
On June 27 the HTTPVoid team contacted Grafana Labs to disclose a Grafana account takeover via an OAuth vulnerability.
We believe that this vulnerability is rated at CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L).
Impact
It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.
Affected versions with HIGH severity
All Grafana >=5.3 versions are affected by this vulnerability.
Solutions and mitigations
All installations after Grafana v5.3 should be upgraded as soon as possible.
As a workaround it is possible to disable any OAuth login or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
Appropriate patches have been applied to Grafana Cloud and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.
Timeline
Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC.
2022-06-27 19:00 - Research submission of vulnerability report 2022-06-27 20:53 - Issue triaged, confirmed positive, and internal incident raised 2022-06-28 08:42 - Fix PR submitted and reviewed 2022-06-28 20:58 - All Grafana Cloud hosted Grafana instances patched 2022-07-05 07:14 - Customers informed under embargo 2022-07-14 02:00 - Public release
Acknowledgement
We would like to thank the HTTPVoid team for responsibly disclosing the vulnerability.
Reporting security issues
If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is
F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA
The key is available from keyserver.ubuntu.com.
Security announcements
We maintain a security category on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.
You can also subscribe to our RSS feed.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0-beta1"
},
{
"fixed": "8.3.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "8.4.0"
},
{
"fixed": "8.4.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31107"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-14T22:22:35Z",
"nvd_published_at": "2022-07-15T13:15:00Z",
"severity": "HIGH"
},
"details": "Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana.\n\nRelease v.9.0.3, containing this security fix and other patches:\n\n- [Download Grafana 9.0.3](https://grafana.com/grafana/download/9.0.3)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/)\n\nRelease v.8.5.9, containing this security fix and other fixes:\n\n- [Download Grafana 8.5.9](https://grafana.com/grafana/download/8.5.9)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/)\n\nRelease v.8.4.10, containing this security fix and other fixes:\n\n- [Download Grafana 8.4.10](https://grafana.com/grafana/download/8.4.10)\n- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/)\n\nRelease v.8.3.10, containing this security fix and other fixes:\n\n- [Download Grafana 8.3.10](https://grafana.com/grafana/download/8.3.10)\n\n## Grafana account takeover via OAuth vulnerability ([CVE-2022-31107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31107))\n\n### Summary\nOn June 27 the HTTPVoid team contacted Grafana Labs to disclose a Grafana account takeover via an OAuth vulnerability.\n\nWe believe that this vulnerability is rated at CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L). \n\n### Impact\nIt is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.\n\n### Affected versions with HIGH severity \nAll Grafana \u003e=5.3 versions are affected by this vulnerability.\n\n### Solutions and mitigations\n\nAll installations after Grafana v5.3 should be upgraded as soon as possible.\n\nAs a workaround it is possible to [disable any OAuth login](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/) or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n\nAppropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.\n\n### Timeline\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n2022-06-27 19:00 - Research submission of vulnerability report\n2022-06-27 20:53 - Issue triaged, confirmed positive, and internal incident raised\n2022-06-28 08:42 - Fix PR submitted and reviewed\n2022-06-28 20:58 - All Grafana Cloud hosted Grafana instances patched\n2022-07-05 07:14 - Customers informed under embargo\n2022-07-14 02:00 - Public release\n\n### Acknowledgement\n\nWe would like to thank the HTTPVoid team for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs\u0027 open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).",
"id": "GHSA-mx47-6497-3fv2",
"modified": "2026-01-16T21:58:04Z",
"published": "2024-05-14T22:22:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31107"
},
{
"type": "PACKAGE",
"url": "https://github.com/grafana/grafana"
},
{
"type": "WEB",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10"
},
{
"type": "WEB",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9"
},
{
"type": "WEB",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Grafana account takeover via OAuth vulnerability"
}
GHSA-MX69-86H6-R53C
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-10-15 21:30Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21275"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T20:15:19Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
"id": "GHSA-mx69-86h6-r53c",
"modified": "2024-10-15T21:30:39Z",
"published": "2024-10-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21275"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MXCH-5FF5-JP4W
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
{
"affected": [],
"aliases": [
"CVE-2020-10952"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-27T19:15:00Z",
"severity": "MODERATE"
},
"details": "GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.",
"id": "GHSA-mxch-5ff5-jp4w",
"modified": "2022-05-24T17:12:53Z",
"published": "2022-05-24T17:12:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10952"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/categories/releases"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MXGX-9CVP-M653
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-14 18:31Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.
{
"affected": [],
"aliases": [
"CVE-2024-13290"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T21:15:26Z",
"severity": "MODERATE"
},
"details": "Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.",
"id": "GHSA-mxgx-9cvp-m653",
"modified": "2025-01-14T18:31:55Z",
"published": "2025-01-09T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13290"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2024-056"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MXJ6-X52W-4G7M
Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 18:30In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
{
"affected": [],
"aliases": [
"CVE-2025-20674"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T03:15:24Z",
"severity": "CRITICAL"
},
"details": "In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.",
"id": "GHSA-mxj6-x52w-4g7m",
"modified": "2025-06-02T18:30:42Z",
"published": "2025-06-02T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20674"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/June-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.