Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-5469 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets. | 5.5 |
| 2019-12-06 | CVE-2019-19616 | Authorization Bypass Through User-Controlled Key vulnerability in Xtivia web Time and Expense 2016 An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function. | 4.0 |
| 2019-11-21 | CVE-2014-8356 | Authorization Bypass Through User-Controlled Key vulnerability in Dasanzhone Znid 2426A Firmware The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. | 6.5 |
| 2019-11-21 | CVE-2019-16546 | Authorization Bypass Through User-Controlled Key vulnerability in Jenkins Google Compute Engine Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 5.9 |
| 2019-11-21 | CVE-2019-16340 | Authorization Bypass Through User-Controlled Key vulnerability in Linksys products Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 6.4 |
| 2019-11-12 | CVE-2019-15815 | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3) ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 4.0 |
| 2019-11-07 | CVE-2019-17605 | Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. | 6.5 |
| 2019-11-07 | CVE-2019-17604 | Authorization Bypass Through User-Controlled Key vulnerability in Eyecomms Eyecms 20191015 An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). | 4.0 |
| 2019-10-30 | CVE-2019-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. | 4.0 |
| 2019-10-14 | CVE-2019-17574 | Authorization Bypass Through User-Controlled Key vulnerability in Code-Atlantic Popup Maker An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. | 6.4 |