CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,580 vulnerabilities with CWE-639
CVE-2017-15195 MEDIUM
Kanboard - IDOR
CVSS 4.3
CVE-2017-0882 MEDIUM
GitLab <8.15.8-8.17.4 - Info Disclosure
CVSS 6.3
CVE-2016-20033 HIGH
Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
CVSS 7.8
CVE-2014-8356 HIGH
Dasanzhone Znid 2426a Firmware < s3.0.501 - IDOR
CVSS 8.8
CVE-2012-5571 MEDIUM
OpenStack Keystone Essex/Folsom - Auth Bypass
CVSS 5.4
Details
Vulnerabilities 1,580
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits