Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-19 | CVE-2022-34621 | Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0: Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | 6.5 |
2022-08-05 | CVE-2022-2499 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 4.3 |
2022-08-05 | CVE-2022-36284 | Authorization Bypass Through User-Controlled Key vulnerability in Storeapps Affiliate for Woocommerce: Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. | 6.5 |
2022-07-20 | CVE-2022-34150 | Authorization Bypass Through User-Controlled Key vulnerability in Micodus Mv720 Firmware: The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. | 5.4 |
2022-07-19 | CVE-2022-2193 | Authorization Bypass Through User-Controlled Key vulnerability in Hypr Server 6.10: Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. | 8.8 |
2022-07-15 | CVE-2022-1881 | Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server: In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. | 5.3 |
2022-07-08 | CVE-2022-30852 | Authorization Bypass Through User-Controlled Key vulnerability in Withknown Known: Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | 4.3 |
2022-07-08 | CVE-2022-1245 | Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak: A privilege escalation flaw was found in the token exchange feature of Keycloak. | 9.8 |
2022-07-06 | CVE-2022-31131 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail: Nextcloud Mail is a mail app for the Nextcloud home server product. | 4.3 |
2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68: This vulnerability affects users that are not even allowed to access via the web interface. | 6.3 |