CWE-639 - Authorization Bypass Through User-Controlled Key

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Latest vulnerabilities for CWE-639

Authorization bypass through user-controlled key in Rundeck 2022-03-04
Medium Yes

Privilege escalation in Nextcloud Deck 2021-10-26
Medium Yes

Authorization bypass through user-controlled key in Mitsubishi Electric MELSEC iQ-R Series 2021-10-15
High No

Multiple vulnerabilities in Siemens Teamcenter 2021-09-17
Medium Yes

Authorization bypass through user-controlled key in Siemens Industrial Edge 2021-09-16
High Yes

Authorization bypass through user-controlled key in Nextcloud Circles 2021-09-07
Medium Yes

References

Description of CWE-639 on Mitre website