Weekly Vulnerabilities Reports > August 8 to 14, 2022

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

In Wi-Fi, there is a permissions bypass.

VMware vRealize Operations contains an information disclosure vulnerability.

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.

Active Directory Domain Services Elevation of Privilege Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

SMB Client and Server Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data.

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network.

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system.

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass.

In Keyguard, there is a missing permission check.

In Core, there is a possible way to start an activity from the background due to a missing permission check.

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check.

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check.

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation.

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check.

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check.

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check.

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files.

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution.

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Microsoft ATA Port Driver Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Permission control vulnerability in the network module.

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module.

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

VMware vRealize Operations contains an authentication bypass vulnerability.

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions).

Affected devices do not properly handle the renegotiation of SSL/TLS parameters.

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.

Windows Bluetooth Service Remote Code Execution Vulnerability

Windows WebBrowser Control Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Microsoft Excel Security Feature Bypass Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen.

VMware vRealize Operations contains a privilege escalation vulnerability.

Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Windows Fax Service Elevation of Privilege Vulnerability

Azure Batch Node Agent Elevation of Privilege Vulnerability

Dm-verity is used for extending root-of-trust to root filesystems.

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation.

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking.

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow.

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

In Gitea before 1.16.9, it was possible for users to add existing issues to projects.

In Bluetooth, there is a possible cleanup failure due to an uncaught exception.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions.

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

Microsoft Exchange Server Information Disclosure Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

In the Audio HAL, there is a possible out of bounds write due to a race condition.

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition.

Azure Site Recovery Denial of Service Vulnerability

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.

Windows Hello Security Feature Bypass Vulnerability

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability.

Windows Defender Credential Guard Security Feature Bypass Vulnerability

.NET Spoofing Vulnerability

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check.

In the Phone app, there is a possible crash loop due to resource exhaustion.

In ActivityManager, there is a way to read process state for other users due to a missing permission check.

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass.

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In Telephony, there is a possible information disclosure due to a missing permission check.

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass.

In Content, there is a possible way to learn about an account present on the device due to a missing permission check.

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check.

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check.

In Content, there is a possible way to check if an account exists on the device due to a missing permission check.

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check.

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check.

In PackageManager, there is a possible installed package disclosure due to a missing permission check.

In PackageManager, there is a possible package installation disclosure due to a missing permission check.

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check.

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check.

In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check.

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check.

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data.

Windows Kernel Information Disclosure Vulnerability

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS.

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

Microsoft Exchange Server Information Disclosure Vulnerability

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information.

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Affected devices do not properly sanitize data introduced by an user when rendering the web interface.

Microsoft Exchange Server Information Disclosure Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass.

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check.

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Sphere Information Disclosure Vulnerability

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check.

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check.

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check.

In ContentService, there is a possible disclosure of available account types due to a missing permission check.

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check.

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check.

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check.

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation.

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check.

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check.

In LocationManager, there is a possible way to get location information due to a missing permission check.