Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-02 | CVE-2023-45892 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Insight Q32023 An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |
2024-01-02 | CVE-2023-45893 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Customer Portal Q32023 An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |
2023-12-28 | CVE-2023-50267 | Authorization Bypass Through User-Controlled Key vulnerability in Metersphere MeterSphere is a one-stop open source continuous testing platform. | 4.3 |
2023-12-21 | CVE-2023-46646 | Authorization Bypass Through User-Controlled Key vulnerability in Github Enterprise Server Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. | 5.3 |
2023-12-21 | CVE-2023-32799 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Shipping multiple Addresses Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | 6.5 |
2023-12-20 | CVE-2023-36520 | Authorization Bypass Through User-Controlled Key vulnerability in Zackgrossbart Editorial Calendar Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. | 8.1 |
2023-12-19 | CVE-2023-6929 | Authorization Bypass Through User-Controlled Key vulnerability in Eurotel Etl3100 Firmware 01C01/01X37 EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. | 9.8 |
2023-12-12 | CVE-2023-46701 | Authorization Bypass Through User-Controlled Key vulnerability in Mattermost Server Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID. | 5.3 |
2023-12-12 | CVE-2023-48641 | Authorization Bypass Through User-Controlled Key vulnerability in Archerirm Archer Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. | 8.8 |
2023-11-30 | CVE-2023-6341 | Authorization Bypass Through User-Controlled Key vulnerability in Catalisgov Cms360 Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. | 5.3 |