Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-23 | CVE-2020-8297 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck: Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user. | 4.3 |
2021-02-09 | CVE-2020-13462 | Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1: Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. | 5.7 |
2021-02-04 | CVE-2020-16194 | Authorization Bypass Through User-Controlled Key vulnerability in Store-Opart Quote: An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. | 5.3 |
2021-02-03 | CVE-2021-26024 | Authorization Bypass Through User-Controlled Key vulnerability in Nagios Favorites: The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | 5.3 |
2021-02-02 | CVE-2020-36231 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. | 4.3 |
2021-01-26 | CVE-2020-23449 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall: newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. | 7.5 |
2021-01-18 | CVE-2020-29446 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible: Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. | 5.3 |
2021-01-04 | CVE-2020-4918 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System: IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. | 4.4 |
2020-12-30 | CVE-2020-35849 | Authorization Bypass Through User-Controlled Key vulnerability in Mantisbt: An issue was discovered in MantisBT before 2.24.4. | 7.5 |
2020-12-27 | CVE-2020-29156 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce: The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. | 5.3 |