Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2021-03-10 CVE-2020-23722 Authorization Bypass Through User-Controlled Key vulnerability in Thedaylightstudio Fuel CMS 1.4.7
An issue was discovered in FUEL CMS 1.4.7.
network
low complexity
thedaylightstudio CWE-639
8.8
2021-03-02 CVE-2021-21255 Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi 9.5.3
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
network
low complexity
glpi-project CWE-639
5.7
2021-02-23 CVE-2020-8297 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user.
network
low complexity
nextcloud CWE-639
4.3
2021-02-09 CVE-2020-13462 Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA.
low complexity
tufin CWE-639
5.7
2021-02-04 CVE-2020-16194 Authorization Bypass Through User-Controlled Key vulnerability in Store-Opart Quote
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2.
network
low complexity
store-opart CWE-639
5.3
2021-02-03 CVE-2021-26024 Authorization Bypass Through User-Controlled Key vulnerability in Nagios Favorites
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
network
low complexity
nagios CWE-639
5.3
2021-02-02 CVE-2020-36231 Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability.
network
low complexity
atlassian CWE-639
4.3
2021-01-26 CVE-2020-23449 Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java.
network
low complexity
newbee-mall-project CWE-639
7.5
2021-01-18 CVE-2020-29446 Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory.
network
low complexity
atlassian CWE-639
5.3
2021-01-04 CVE-2020-4918 Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self service console for the Platform System Manager.
local
low complexity
ibm CWE-639
4.4