Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-09 | CVE-2024-39900 | Authorization Bypass Through User-Controlled Key vulnerability in OpenSearch Observability. OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. | 5.4 |
2024-07-09 | CVE-2024-39901 | Authorization Bypass Through User-Controlled Key vulnerability in OpenSearch Observability. OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. | 5.4 |
2024-07-09 | CVE-2024-21759 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet FortiPortal. An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6, allows an attacker to view unauthorized resources via HTTP or HTTPS requests. | 4.3 |
2024-07-09 | CVE-2023-38047 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low-privileged user to fetch, modify or delete the category of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38048 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low-privileged user to fetch, modify or delete a privileged user (provider). | 8.1 |
2024-07-09 | CVE-2023-38049 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low-privileged user to fetch, modify or delete an appointment of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38050 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low-privileged user to fetch, modify or delete a webhook of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38051 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low-privileged user to fetch, modify or delete a low-privileged user (secretary). | 8.1 |
2024-07-09 | CVE-2023-38052 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low-privileged user to fetch, modify or delete a high-privileged user (admin). | 8.1 |
2024-07-09 | CVE-2023-38053 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low-privileged user to fetch, modify or delete the settings of any user (including admin). | 8.1 |