Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-15 | CVE-2022-1881 | Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server: In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. | 5.3 |
2022-07-08 | CVE-2022-30852 | Authorization Bypass Through User-Controlled Key vulnerability in Withknown Known: Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | 4.3 |
2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak: A privilege escalation flaw was found in the token exchange feature of Keycloak. | 9.8 |
2022-07-06 | CVE-2022-31131 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail: Nextcloud Mail is a mail app for the Nextcloud home server product. | 4.3 |
2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68: This vulnerability affects even users who are not allowed access via the web interface. | 6.3 |
2022-07-01 | CVE-2022-2243 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | 4.3 |
2022-06-28 | CVE-2022-31883 | Authorization Bypass Through User-Controlled Key vulnerability in Marvalglobal Marval MSM 14.19.0.12476: Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. | 8.8 |
2022-06-27 | CVE-2017-20101 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754: A vulnerability, which was classified as problematic, was found in ProjectSend r754. | 5.7 |
2022-06-16 | CVE-2022-31295 | Authorization Bypass Through User-Controlled Key vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0: An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 7.5 |
2022-06-09 | CVE-2022-30760 | Authorization Bypass Through User-Controlled Key vulnerability in Ihb-Eg Fn2Web: An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. | 4.3 |