Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-02-03 | CVE-2021-26024 | Authorization Bypass Through User-Controlled Key vulnerability in Nagios Favorites | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | 5.3 |
2021-02-02 | CVE-2020-36231 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. | 4.3 |
2021-01-26 | CVE-2020-23449 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall | newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. | 7.5 |
2021-01-18 | CVE-2020-29446 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. | 5.3 |
2021-01-04 | CVE-2020-4918 | Authorization Bypass Through User-Controlled Key vulnerability in IBM Cloud PAK System | IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in self service console for the Platform System Manager. | 4.4 |
2020-12-30 | CVE-2020-35849 | Authorization Bypass Through User-Controlled Key vulnerability in Mantisbt | An issue was discovered in MantisBT before 2.24.4. | 7.5 |
2020-12-27 | CVE-2020-29156 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce | The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. | 5.3 |
2020-12-18 | CVE-2020-26178 | Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5 | In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. | 5.3 |
2020-12-18 | CVE-2020-26175 | Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5 | In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users. | 6.5 |
2020-12-18 | CVE-2020-26173 | Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5 | An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. | 4.3 |