Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7854 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
network
low complexity
magento CWE-639
7.5
2019-07-16 CVE-2019-13605 Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username.
network
low complexity
control-webpanel CWE-639
8.8
2019-07-16 CVE-2019-13360 Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
network
low complexity
control-webpanel CWE-639
critical
9.8
2019-07-10 CVE-2018-19584 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.
network
low complexity
gitlab CWE-639
7.5
2019-07-10 CVE-2018-19582 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
network
low complexity
gitlab CWE-639
4.3
2019-07-10 CVE-2018-19575 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
network
low complexity
gitlab CWE-639
4.3
2019-07-09 CVE-2019-13461 Authorization Bypass Through User-Controlled Key vulnerability in Prestashop
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout.
network
low complexity
prestashop CWE-639
7.5
2019-07-09 CVE-2019-12782 Authorization Bypass Through User-Controlled Key vulnerability in Thoughtspot 4.4.1/4.5.1/5.1.1
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them.
network
low complexity
thoughtspot CWE-639
8.1
2019-07-05 CVE-2019-5966 Authorization Bypass Through User-Controlled Key vulnerability in Joruri Mail 2.1.4
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
network
low complexity
joruri CWE-639
5.4
2019-07-03 CVE-2019-12866 Authorization Bypass Through User-Controlled Key vulnerability in Jetbrains Youtrack
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack.
network
low complexity
jetbrains CWE-639
critical
9.8