CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5537 vulnerabilities reference this CWE, most recent first.
GHSA-WJPH-8W5R-9GHM
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2022-05-24 17:11cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
{
"affected": [],
"aliases": [
"CVE-2020-10117"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-17T15:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).",
"id": "GHSA-wjph-8w5r-9ghm",
"modified": "2022-05-24T17:11:43Z",
"published": "2022-05-24T17:11:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10117"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/84+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WJX2-7G7G-VJ3G
Vulnerability from github – Published: 2023-09-15 00:30 – Updated: 2024-04-04 07:41Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.
{
"affected": [],
"aliases": [
"CVE-2023-37881"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T09:15:08Z",
"severity": "HIGH"
},
"details": "Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: \u003c= 7.2.0.\n\n",
"id": "GHSA-wjx2-7g7g-vj3g",
"modified": "2024-04-04T07:41:30Z",
"published": "2023-09-15T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37881"
},
{
"type": "WEB",
"url": "https://www.wftpserver.com/serverhistory.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WM68-VVJF-2RC3
Vulnerability from github – Published: 2023-01-24 00:30 – Updated: 2025-01-01 03:31Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-21719"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-24T00:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.",
"id": "GHSA-wm68-vvjf-2rc3",
"modified": "2025-01-01T03:31:34Z",
"published": "2023-01-24T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21719"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21719"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21719"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WM8R-W8PF-2V6W
Vulnerability from github – Published: 2026-03-02 22:14 – Updated: 2026-03-20 21:36Summary
In OpenClaw 2026.2.25, Signal group authorization under groupPolicy=allowlist could accept sender identities sourced from DM pairing-store approvals. This allowed DM pairing approvals to leak into group allowlist evaluation.
Impact
This is an authorization-boundary weakness between DM pairing and group allowlist controls. A sender approved for DM pairing could pass group checks without explicit group allowlisting.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published version affected:
2026.2.25 - Vulnerable range:
<= 2026.2.25 - Patched version (planned next release):
>= 2026.2.26
Fix
OpenClaw now keeps DM pairing-store entries DM-only and enforces explicit group allowlist boundaries in shared DM/group policy resolution used by Signal and other channels.
Fix Commit(s)
8bdda7a651c21e98faccdbbd73081e79cffe8be064de4b6d6ae81e269ceb4ca16f53cda99ced967a
Release Process Note
patched_versions is pre-set to the planned next release (2026.2.26). After npm publish of that version, this advisory is ready to publish without further content edits.
Thanks @tdjackey for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31991"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-02T22:14:56Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\nIn OpenClaw `2026.2.25`, Signal group authorization under `groupPolicy=allowlist` could accept sender identities sourced from DM pairing-store approvals. This allowed DM pairing approvals to leak into group allowlist evaluation.\n\n### Impact\nThis is an authorization-boundary weakness between DM pairing and group allowlist controls. A sender approved for DM pairing could pass group checks without explicit group allowlisting.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version affected: `2026.2.25`\n- Vulnerable range: `\u003c= 2026.2.25`\n- Patched version (planned next release): `\u003e= 2026.2.26`\n\n### Fix\nOpenClaw now keeps DM pairing-store entries DM-only and enforces explicit group allowlist boundaries in shared DM/group policy resolution used by Signal and other channels.\n\n### Fix Commit(s)\n- `8bdda7a651c21e98faccdbbd73081e79cffe8be0`\n- `64de4b6d6ae81e269ceb4ca16f53cda99ced967a`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.26`). After npm publish of that version, this advisory is ready to publish without further content edits.\n\nThanks @tdjackey for reporting.",
"id": "GHSA-wm8r-w8pf-2v6w",
"modified": "2026-03-20T21:36:10Z",
"published": "2026-03-02T22:14:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wm8r-w8pf-2v6w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31991"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/64de4b6d6ae81e269ceb4ca16f53cda99ced967a"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-dm-pairing-store-leakage-in-signal-group-allowlist"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage"
}
GHSA-WMR8-25FF-GGPJ
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-06-28 23:28A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.121.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.122"
},
{
"fixed": "2.132"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1999004"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-28T23:28:29Z",
"nvd_published_at": "2018-07-23T19:29:00Z",
"severity": "MODERATE"
},
"details": "A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.",
"id": "GHSA-wmr8-25ff-ggpj",
"modified": "2022-06-28T23:28:29Z",
"published": "2022-05-13T01:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999004"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/40250f08aca7f3f8816f21870ee23463a52ef2f2"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/jenkins"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Authorization in Jenkins"
}
GHSA-WMX7-X4JP-9JGG
Vulnerability from github – Published: 2023-03-07 20:04 – Updated: 2023-03-07 20:04Impact
There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. This issue can only be triggered by authenticated users authorized to read those data streams which are backed by the impacted indexes. Additionally, existing privileged users cannot access random indexes within these clusters; they can only access indexes to which they have already been granted permission.
Patches
OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue.
Workarounds
There is no recommended work around.
For more information
If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.opensearch.plugin:opensearch-security"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.opensearch.plugin:opensearch-security"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41918"
],
"database_specific": {
"cwe_ids": [
"CWE-612",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-07T20:04:42Z",
"nvd_published_at": "2022-11-15T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThere is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. This issue can only be triggered by authenticated users authorized to read those data streams which are backed by the impacted indexes. Additionally, existing privileged users cannot access random indexes within these clusters; they can only access indexes to which they have already been granted permission.\n\n### Patches\nOpenSearch 1.3.7 and 2.4.0 contain a fix for this issue.\n\n### Workarounds\nThere is no recommended work around.\n\n### For more information\nIf you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.\n",
"id": "GHSA-wmx7-x4jp-9jgg",
"modified": "2023-03-07T20:04:42Z",
"published": "2023-03-07T20:04:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/opensearch-project/security/security/advisories/GHSA-wmx7-x4jp-9jgg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41918"
},
{
"type": "WEB",
"url": "https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4"
},
{
"type": "PACKAGE",
"url": "https://github.com/opensearch-project/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "OpenSearch has issue with fine-grained access control of indices backing data streams"
}
GHSA-WP73-C4GH-8CCR
Vulnerability from github – Published: 2024-10-24 18:30 – Updated: 2024-10-24 21:31Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.
{
"affected": [],
"aliases": [
"CVE-2024-48541"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-24T17:15:17Z",
"severity": "HIGH"
},
"details": "Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file.",
"id": "GHSA-wp73-c4gh-8ccr",
"modified": "2024-10-24T21:31:03Z",
"published": "2024-10-24T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48541"
},
{
"type": "WEB",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ruochan.dabai/com.ruochan.dabai.md"
},
{
"type": "WEB",
"url": "http://www.ruochanit.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WP7Q-XRRH-6RXG
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-09-25 00:00Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
{
"affected": [],
"aliases": [
"CVE-2021-25366"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T17:15:00Z",
"severity": "LOW"
},
"details": "Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode\u0027s authentication.",
"id": "GHSA-wp7q-xrrh-6rxg",
"modified": "2022-09-25T00:00:18Z",
"published": "2022-05-24T17:45:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25366"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WP87-5QFW-74X3
Vulnerability from github – Published: 2022-09-10 00:00 – Updated: 2022-09-11 00:00Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
{
"affected": [],
"aliases": [
"CVE-2022-36857"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-09T15:15:00Z",
"severity": "LOW"
},
"details": "Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.",
"id": "GHSA-wp87-5qfw-74x3",
"modified": "2022-09-11T00:00:30Z",
"published": "2022-09-10T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36857"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WP87-MGVQ-5J93
Vulnerability from github – Published: 2026-07-01 20:21 – Updated: 2026-07-01 20:21An anonymous caller could create new namespaces and databases on a running SurrealDB instance without holding DEFINE NAMESPACE or DEFINE DATABASE permission.
USE NS <name> and USE DB <name> automatically create the target when it does not exist. The three places USE is handled — the RPC use method, Datastore::process_use, and the SurrealQL executor — did not check whether the caller was allowed to create the resource. Under default capabilities any session reached this path, including an unauthenticated guest.
Impact
What an attacker can do:
- Create new namespaces and databases without
DEFINE NAMESPACE/DEFINE DATABASEpermission. An unauthenticated guest is enough under default capabilities. - Recreate a parent namespace that an operator deliberately dropped, using a stale namespace-Editor token, by running
USE NS <dropped> DB anything. - Exhaust catalog storage by repeatedly creating new resources.
What it can't do:
- Read or modify data inside any pre-existing namespace or database.
- Escalate to root or namespace-owner privileges on existing resources.
- Affect deployments running with
auth_enabled=false.
Patches
All three USE entry points now check whether the caller has DEFINE NAMESPACE / DEFINE DATABASE authority before creating a missing target. Sessions still update their context regardless of authorization, so SDKs that send use before signin continue to work — only the catalog creation step is gated. The parent-namespace side-effect path is closed by the same check.
Versions 3.1.0 and later are not affected.
Workarounds
- Set
--deny-arbitrary-query *for guest principals to remove the entry point. - Run with
--authand require all callers tosigninbefore issuinguse. - Revoke namespace-level tokens promptly when a namespace is dropped.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "surrealdb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T20:21:25Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "An anonymous caller could create new namespaces and databases on a running SurrealDB instance without holding `DEFINE NAMESPACE` or `DEFINE DATABASE` permission.\n\n`USE NS \u003cname\u003e` and `USE DB \u003cname\u003e` automatically create the target when it does not exist. The three places `USE` is handled \u2014 the RPC `use` method, `Datastore::process_use`, and the SurrealQL executor \u2014 did not check whether the caller was allowed to create the resource. Under default capabilities any session reached this path, including an unauthenticated guest.\n\n### Impact\n\nWhat an attacker **can** do:\n\n- Create new namespaces and databases without `DEFINE NAMESPACE` / `DEFINE DATABASE` permission. An unauthenticated guest is enough under default capabilities.\n- Recreate a parent namespace that an operator deliberately dropped, using a stale namespace-Editor token, by running `USE NS \u003cdropped\u003e DB anything`.\n- Exhaust catalog storage by repeatedly creating new resources.\n\nWhat it **can\u0027t** do:\n\n- Read or modify data inside any pre-existing namespace or database.\n- Escalate to root or namespace-owner privileges on existing resources.\n- Affect deployments running with `auth_enabled=false`.\n\n### Patches\n\nAll three `USE` entry points now check whether the caller has `DEFINE NAMESPACE` / `DEFINE DATABASE` authority before creating a missing target. Sessions still update their context regardless of authorization, so SDKs that send `use` before `signin` continue to work \u2014 only the catalog creation step is gated. The parent-namespace side-effect path is closed by the same check.\n\nVersions 3.1.0 and later are not affected.\n\n### Workarounds\n\n- Set `--deny-arbitrary-query *` for guest principals to remove the entry point.\n- Run with `--auth` and require all callers to `signin` before issuing `use`.\n- Revoke namespace-level tokens promptly when a namespace is dropped.",
"id": "GHSA-wp87-mgvq-5j93",
"modified": "2026-07-01T20:21:25Z",
"published": "2026-07-01T20:21:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/security/advisories/GHSA-wp87-mgvq-5j93"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/commit/f3ee3bd55533c14f1fa3e69ce18fc8904c1ce3f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/surrealdb/surrealdb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "SurrealDB: USE NS/DB implicit creation bypasses DEFINE authorization"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.