Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5541 vulnerabilities reference this CWE, most recent first.

GHSA-WG65-W3R9-PHXW

Vulnerability from github – Published: 2023-06-22 12:30 – Updated: 2024-04-04 05:00
VLAI
Details

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-22T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.",
  "id": "GHSA-wg65-w3r9-phxw",
  "modified": "2024-04-04T05:00:01Z",
  "published": "2023-06-22T12:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29708"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shellpei/WAVLINK-Reset/blob/main/CVE-2023-29708"
    },
    {
      "type": "WEB",
      "url": "https://holistic-height-e6d.notion.site/WAVLINK-Wi-Fi-APP-Arbitrary-factory-reset-vulnerability-b2d747693a7442aaa8b045e57bbd8297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGHF-MHCC-GJH8

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:54
VLAI
Details

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-03T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.",
  "id": "GHSA-wghf-mhcc-gjh8",
  "modified": "2024-04-04T02:54:09Z",
  "published": "2022-05-24T17:19:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3335"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-KSV-3wzbHYT4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGVP-JJ4W-88HF

Vulnerability from github – Published: 2025-06-30 18:31 – Updated: 2025-06-30 20:40
VLAI
Summary
Mattermost Incorrect Authorization vulnerability
Details

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250513065225-4ae5d647fb88"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0-20250513065225-4ae5d647fb88"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.11.0"
            },
            {
              "fixed": "9.11.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.5.0"
            },
            {
              "fixed": "10.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.6.0"
            },
            {
              "fixed": "10.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.7.0"
            },
            {
              "fixed": "10.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.8.0"
            },
            {
              "fixed": "10.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T20:40:41Z",
    "nvd_published_at": "2025-06-30T17:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 10.5.x \u003c= 10.5.5, 9.11.x \u003c= 9.11.15, 10.8.x \u003c= 10.8.0, 10.7.x \u003c= 10.7.2, 10.6.x \u003c= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.",
  "id": "GHSA-wgvp-jj4w-88hf",
  "modified": "2025-06-30T20:40:41Z",
  "published": "2025-06-30T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47871"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost Incorrect Authorization vulnerability"
}

GHSA-WH2J-WJ4X-J48F

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.",
  "id": "GHSA-wh2j-wj4x-j48f",
  "modified": "2022-05-24T19:05:02Z",
  "published": "2022-05-24T19:05:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23140"
    },
    {
      "type": "WEB",
      "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WH3W-V6GJ-FQH2

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-18 14:32
VLAI
Summary
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
Details

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

This issue affects Apache DolphinScheduler versions prior to 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.dolphinscheduler:dolphinscheduler-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T14:32:55Z",
    "nvd_published_at": "2026-06-17T13:20:38Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.2. \n\nUsers are recommended to upgrade to version 3.4.2, which fixes this issue.",
  "id": "GHSA-wh3w-v6gj-fqh2",
  "modified": "2026-06-18T14:32:55Z",
  "published": "2026-06-17T18:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41280"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/dolphinscheduler"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/17/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects"
}

GHSA-WHCC-JGF3-Q7PM

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-08-06 00:00
VLAI
Details

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-01T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.",
  "id": "GHSA-whcc-jgf3-q7pm",
  "modified": "2022-08-06T00:00:53Z",
  "published": "2022-05-24T19:19:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39341"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.php?rev=2606519#L1460"
    },
    {
      "type": "WEB",
      "url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39341"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHF9-3HCX-GQ54

Vulnerability from github – Published: 2026-04-09 17:33 – Updated: 2026-05-06 02:41
VLAI
Summary
OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing
Details

Impact

OpenClaw device.token.rotate mints tokens for unapproved roles, bypassing device role-upgrade pairing.

Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.

OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= v2026.04.01
  • Patched versions: 2026.4.8

Fix

The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.

Verification

The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.

Credits

Thanks @nicky-cc of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T17:33:05Z",
    "nvd_published_at": "2026-04-28T19:37:45Z",
    "severity": "MODERATE"
  },
  "details": "## Impact\n\nOpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing.\n\nDevice token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc  of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
  "id": "GHSA-whf9-3hcx-gq54",
  "modified": "2026-05-06T02:41:02Z",
  "published": "2026-04-09T17:33:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42422"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing"
}

GHSA-WHHH-F2G9-5MVC

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-27T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
  "id": "GHSA-whhh-f2g9-5mvc",
  "modified": "2022-05-13T01:02:41Z",
  "published": "2022-05-13T01:02:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5060"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1124"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/683314"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201705-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97939"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHHX-238V-WR87

Vulnerability from github – Published: 2024-07-26 03:30 – Updated: 2026-01-29 12:30
VLAI
Details

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users.

While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable — including those admins who have not been granted this ability — such as by using a session ID to generate an API token.

Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-26T02:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In the System \u2192 Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess \"Sign In As\" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users.\n\n\nWhile this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable \u2014 including those admins who have not been granted this ability \u2014 such as by using a session ID to generate an API token.\n\nFixed in:\u00a024.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS",
  "id": "GHSA-whhx-238v-wr87",
  "modified": "2026-01-29T12:30:24Z",
  "published": "2024-07-26T03:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4447"
    },
    {
      "type": "WEB",
      "url": "https://auth.dotcms.com/security/SI-72"
    },
    {
      "type": "WEB",
      "url": "https://www.dotcms.com/security/SI-72"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHJW-QRGV-PM72

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-30T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.",
  "id": "GHSA-whjw-qrgv-pm72",
  "modified": "2022-05-24T17:22:07Z",
  "published": "2022-05-24T17:22:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5582"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN55497111/index.html"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/36455"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.