CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2017-0882 (GCVE-0-2017-0882)
Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-05 13:18
VLAI?
Summary
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key (CWE-639)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3 |
Affected:
GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:18:06.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
},
{
"name": "97157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
},
{
"name": "97157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3",
"version": {
"version_data": [
{
"version_value": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
},
{
"name": "97157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97157"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
},
{
"name": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/",
"refsource": "MISC",
"url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0882",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:18:06.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0920 (GCVE-0-2017-0920)
Vulnerability from cvelistv5 – Published: 2018-03-22 15:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key (CWE-639)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitLab | GitLab Community and Enterprise Editions |
Affected:
Versions before 10.1.6, 10.2.6, and 10.3.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/301336"
},
{
"name": "DSA-4206",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Community and Enterprise Editions",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "Versions before 10.1.6, 10.2.6, and 10.3.4"
}
]
}
],
"datePublic": "2018-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/301336"
},
{
"name": "DSA-4206",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community and Enterprise Editions",
"version": {
"version_data": [
{
"version_value": "Versions before 10.1.6, 10.2.6, and 10.3.4"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/301336",
"refsource": "MISC",
"url": "https://hackerone.com/reports/301336"
},
{
"name": "DSA-4206",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4206"
},
{
"name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0920",
"datePublished": "2018-03-22T15:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:16.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0922 (GCVE-0-2017-0922)
Vulnerability from cvelistv5 – Published: 2018-03-21 20:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key (CWE-639)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitLab | GitLab Community and Enterprise Editions |
Affected:
9.1.0 - 10.1.5 Fixed in 10.1.6
Affected: 10.2.0 - 10.2.5 Fixed in 10.2.6 Affected: 10.3.0 - 10.3.3 Fixed in 10.3.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/301123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Community and Enterprise Editions",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "9.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"status": "affected",
"version": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"status": "affected",
"version": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-21T19:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/301123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community and Enterprise Editions",
"version": {
"version_data": [
{
"version_value": "9.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/301123",
"refsource": "MISC",
"url": "https://hackerone.com/reports/301123"
},
{
"name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0922",
"datePublished": "2018-03-21T20:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:16.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0936 (GCVE-0-2017-0936)
Vulnerability from cvelistv5 – Published: 2018-03-28 20:00 – Updated: 2024-09-16 21:58
VLAI?
Summary
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key (CWE-639)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nextcloud | Nextcloud Server |
Affected:
before 11.0.7 and 12.0.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/297751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "Nextcloud",
"versions": [
{
"status": "affected",
"version": "before 11.0.7 and 12.0.5"
}
]
}
],
"datePublic": "2018-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-28T19:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/297751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-02-07T00:00:00",
"ID": "CVE-2017-0936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "before 11.0.7 and 12.0.5"
}
]
}
}
]
},
"vendor_name": "Nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/297751",
"refsource": "MISC",
"url": "https://hackerone.com/reports/297751"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0936",
"datePublished": "2018-03-28T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T21:58:27.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3183 (GCVE-0-2017-3183)
Vulnerability from cvelistv5 – Published: 2018-07-24 15:00 – Updated: 2024-08-05 14:16
VLAI?
Title
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions
Summary
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sage | XRT Treasury |
Affected:
3
|
Credits
Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#742632",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/742632"
},
{
"name": "96477",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/96477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XRT Treasury",
"vendor": "Sage",
"versions": [
{
"status": "affected",
"version": "3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability."
}
],
"datePublic": "2017-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#742632",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/742632"
},
{
"name": "96477",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/96477"
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor has indicated that XRT Treasury version 4 addresses this issue. Users are encouraged to update to the latest release and to encrypt connections to the database server."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3183",
"STATE": "PUBLIC",
"TITLE": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XRT Treasury",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "3",
"version_value": "3"
}
]
}
}
]
},
"vendor_name": "Sage"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#742632",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/742632"
},
{
"name": "96477",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96477"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vendor has indicated that XRT Treasury version 4 addresses this issue. Users are encouraged to update to the latest release and to encrypt connections to the database server."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3183",
"datePublished": "2018-07-24T15:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25129 (GCVE-0-2018-25129)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:27
VLAI?
Title
SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints
Summary
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SOCA Technology Co., Ltd | SOCA Access Control System |
Affected:
180612
Affected: 170000 Affected: 141007 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:14:36.798266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:27:15.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SOCA Access Control System",
"vendor": "SOCA Technology Co., Ltd",
"versions": [
{
"status": "affected",
"version": "180612"
},
{
"status": "affected",
"version": "170000"
},
{
"status": "affected",
"version": "141007"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:43.322Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46832",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46832"
},
{
"name": "SOCA Technology Product Homepage",
"tags": [
"product"
],
"url": "http://www.socatech.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5517)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php"
}
],
"title": "SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25129",
"datePublished": "2025-12-24T19:27:43.322Z",
"dateReserved": "2025-12-24T14:28:02.432Z",
"dateUpdated": "2025-12-24T20:27:15.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-15581 (GCVE-0-2019-15581)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:43 – Updated: 2024-08-05 00:49
VLAI?
Summary
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/518995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab EE",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 12.3.2"
},
{
"status": "affected",
"version": "before 12.2.6"
},
{
"status": "affected",
"version": "before 12.1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR exists in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:43:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/518995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab EE",
"version": {
"version_data": [
{
"version_value": "before 12.3.2"
},
{
"version_value": "before 12.2.6"
},
{
"version_value": "before 12.1.12"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR exists in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/518995",
"refsource": "MISC",
"url": "https://hackerone.com/reports/518995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15581",
"datePublished": "2020-01-28T02:43:00",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15582 (GCVE-0-2019-15582)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:36 – Updated: 2024-08-05 00:49
VLAI?
Summary
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/566216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab EE",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 12.3.2"
},
{
"status": "affected",
"version": "before 12.2.6"
},
{
"status": "affected",
"version": "before 12.1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR was discovered in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:36:05",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/566216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab EE",
"version": {
"version_data": [
{
"version_value": "before 12.3.2"
},
{
"version_value": "before 12.2.6"
},
{
"version_value": "before 12.1.12"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR was discovered in \u003c 12.3.2, \u003c 12.2.6, and \u003c 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/566216",
"refsource": "MISC",
"url": "https://hackerone.com/reports/566216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15582",
"datePublished": "2020-01-28T02:36:05",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25235 (GCVE-0-2019-25235)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:23
VLAI?
Title
Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages
Summary
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
Severity ?
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Smartwares | Smartwares HOME easy |
Affected:
1.0.9
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:05:39.585497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:23:58.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Smartwares HOME easy",
"vendor": "Smartwares",
"versions": [
{
"status": "affected",
"version": "1.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2019-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:55.565Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47595",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47595"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.smartwares.eu"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5540)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php"
}
],
"title": "Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25235",
"datePublished": "2025-12-24T19:27:55.565Z",
"dateReserved": "2025-12-24T14:27:12.475Z",
"dateUpdated": "2025-12-24T20:23:58.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-5466 (GCVE-0-2019-5466)
Vulnerability from cvelistv5 – Published: 2020-01-28 02:39 – Updated: 2024-08-04 19:54
VLAI?
Summary
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.
Severity ?
No CVSS data available.
CWE
- CWE-639 - Insecure Direct Object Reference (IDOR) (CWE-639)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GitLab CE/EE |
Affected:
Affects GitLab CE/EE 11.5 and later
Affected: Fixed in 12.1.2 in 12.0.4 and in 11.11.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/507113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects GitLab CE/EE 11.5 and later"
},
{
"status": "affected",
"version": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Insecure Direct Object Reference (IDOR) (CWE-639)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T02:39:28",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/507113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "Affects GitLab CE/EE 11.5 and later"
},
{
"version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
},
{
"name": "https://hackerone.com/reports/507113",
"refsource": "MISC",
"url": "https://hackerone.com/reports/507113"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5466",
"datePublished": "2020-01-28T02:39:28",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Phase: Architecture and Design
Description:
- Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.