Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-23 | CVE-2020-8297 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | 4.0 |
| 2021-02-11 | CVE-2021-21022 | Authorization Bypass Through User-Controlled Key vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. | 5.3 |
| 2021-02-02 | CVE-2020-36231 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. | 4.0 |
| 2020-12-18 | CVE-2020-26178 | Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. | 5.0 |
| 2020-12-11 | CVE-2020-13357 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | 4.0 |
| 2020-11-18 | CVE-2020-26068 | Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. | 6.5 |
| 2020-10-28 | CVE-2020-27742 | Authorization Bypass Through User-Controlled Key vulnerability in Citadel Webcit 7.10/926 An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. | 4.0 |
| 2020-10-05 | CVE-2020-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4 Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 4.0 |
| 2020-09-23 | CVE-2020-16240 | Authorization Bypass Through User-Controlled Key vulnerability in GE Asset Performance Management Classic 4.4 GE Digital APM Classic, Versions 4.4 and prior. | 5.0 |
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |