Authorization Bypass Through User-Controlled Key (CWE-639) vulnerabilities

DATE  CVE  VULNERABILITY TITLE
    Description
    Attack vector | Attack complexity | Vendor | CWE | RISK
2024-03-29  CVE-2024-29024  Authorization Bypass Through User-Controlled Key vulnerability in Fit2Cloud Jumpserver
    JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system.
    Attack vector: network | Attack complexity: high | Vendor: fit2cloud | CWE-639 | Risk score: 5.3
2024-03-18  CVE-2024-1604  Authorization Bypass Through User-Controlled Key vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21
    Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions.
    Attack vector: network | Attack complexity: high | Vendor: bmc | CWE-639 | Risk score: 6.8
2024-03-13  CVE-2023-6969  Authorization Bypass Through User-Controlled Key vulnerability in Kylebjohnson User Shortcodes Plus
    The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user-controlled key.
    Attack vector: network | Attack complexity: low | Vendor: kylebjohnson | CWE-639 | Risk score: 4.3
2024-02-29  CVE-2024-1470  Authorization Bypass Through User-Controlled Key vulnerability in Netiq Client Login Extension 4.6
    Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows privilege escalation and code injection. This issue only affects NetIQ Client Login Extension 4.6.
    Attack vector: local | Attack complexity: low | Vendor: netiq | CWE-639 | Risk score: 7.8
2024-02-19  CVE-2024-25983  Authorization Bypass Through User-Controlled Key vulnerability in multiple products
    Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
    Attack vector: network | Attack complexity: low | Vendors: moodle, fedoraproject | CWE-639 | Risk score: 5.3
2024-02-13  CVE-2023-49339  Authorization Bypass Through User-Controlled Key vulnerability in Ellucian Banner
    Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
    Attack vector: network | Attack complexity: low | Vendor: ellucian | CWE-639 | Risk score: 6.5
2024-02-12  CVE-2024-0421  Authorization Bypass Through User-Controlled Key vulnerability in Mappresspro Mappress Maps for Wordpress
    The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR, as it does not ensure that a post retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
    Attack vector: network | Attack complexity: low | Vendor: mappresspro | CWE-639 | Risk score: 5.3
2024-02-05  CVE-2024-0366  Authorization Bypass Through User-Controlled Key vulnerability in Squirrly Starbox
    The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user-controlled key.
    Attack vector: network | Attack complexity: low | Vendor: squirrly | CWE-639 | Risk score: 4.3
2024-02-05  CVE-2023-6983  Authorization Bypass Through User-Controlled Key vulnerability in Josevega Display Custom Fields in the Frontend - Post and User Profile Fields
    The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user-controlled key.
    Attack vector: network | Attack complexity: low | Vendor: josevega | CWE-639 | Risk score: 4.3
2024-01-29  CVE-2023-7199  Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi
    The Relevanssi WordPress plugin before 4.22.0 and the Relevanssi Premium WordPress plugin before 2.25.0 allow any unauthenticated user to read draft and private posts via a crafted request.
    Attack vector: network | Attack complexity: low | Vendor: relevanssi | CWE-639 | Risk score: 5.3