Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-15 | CVE-2018-17449 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab. An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |
2023-04-15 | CVE-2018-17455 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab. An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |
2023-04-14 | CVE-2022-45175 | Authorization Bypass Through User-Controlled Key vulnerability in Liveboxcloud Vdesk 018. An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 6.5 |
2023-04-05 | CVE-2023-0967 | Authorization Bypass Through User-Controlled Key vulnerability in Imaworldhealth Bhima 1.27.0. Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. | 6.5 |
2023-04-04 | CVE-2023-1749 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products. The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 6.5 |
2023-04-04 | CVE-2023-1750 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products. The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 7.1 |
2023-03-29 | CVE-2023-26984 | Authorization Bypass Through User-Controlled Key vulnerability in Peppermint 0.2.4. An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. | 8.1 |
2023-03-24 | CVE-2023-24625 | Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1. Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 6.5 |
2023-03-24 | CVE-2023-28686 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products. Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. | 7.1 |
2023-03-23 | CVE-2023-28334 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle. Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 |