Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7950 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2019-7925 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 4.9 |
| 2019-08-02 | CVE-2019-7890 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.3 |
| 2019-08-02 | CVE-2019-7872 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. | 6.5 |
| 2019-08-02 | CVE-2019-7864 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 5.3 |
| 2019-08-02 | CVE-2019-7854 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | 7.5 |
| 2019-07-16 | CVE-2019-13605 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. | 8.8 |
| 2019-07-16 | CVE-2019-13360 | Authorization Bypass Through User-Controlled Key vulnerability in Control-Webpanel Webpanel 0.9.8.836 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | 9.8 |
| 2019-07-10 | CVE-2018-19584 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. | 7.5 |
| 2019-07-10 | CVE-2018-19582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | 4.3 |