CWE-639 - Authorization Bypass Through User-Controlled Key

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.






Latest vulnerabilities for CWE-639

References

Description of CWE-639 on Mitre website