CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,830 vulnerabilities with CWE-639
CVE-2017-15195 (MEDIUM, CVSS 4.3): Kanboard - Authenticated Authorization Bypass via Swimlane Form Manipulation
CVE-2017-0882 (MEDIUM, CVSS 6.3): GitLab <8.15.8-8.17.4 - Info Disclosure
CVE-2016-20033 (HIGH, CVSS 7.8): Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
CVE-2014-8356 (HIGH, CVSS 8.8): Zhone zNID 2426A < s3.0.501 - Authenticated Authorization Bypass via Insecure Direct Object Reference
CVE-2012-5571 (MEDIUM, CVSS 5.4): OpenStack Keystone Essex/Folsom - Auth Bypass
Details
Vulnerabilities: 1,830
Exploit Likelihood: High