Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-22967

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-19 Nov, 2021 | 18:11
Updated At-03 Aug, 2024 | 18:58
Rejected At-
Credits

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:19 Nov, 2021 | 18:11
Updated At:03 Aug, 2024 | 18:58
Rejected At:
▼CVE Numbering Authority (CNA)

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

Affected Products
Vendor
n/a
Product
https://github.com/concrete5/concrete5
Versions
Affected
  • Affected version - Concrete 8.5.6 and below. Fixed version 9.0 and 8.5.7
Problem Types
TypeCWE IDDescription
CWECWE-639Insecure Direct Object Reference (IDOR) (CWE-639)
Type: CWE
CWE ID: CWE-639
Description: Insecure Direct Object Reference (IDOR) (CWE-639)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
x_refsource_MISC
https://hackerone.com/reports/869612
x_refsource_MISC
Hyperlink: https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
Resource:
x_refsource_MISC
Hyperlink: https://hackerone.com/reports/869612
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
x_refsource_MISC
x_transferred
https://hackerone.com/reports/869612
x_refsource_MISC
x_transferred
Hyperlink: https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://hackerone.com/reports/869612
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:19 Nov, 2021 | 19:15
Updated At:23 Nov, 2021 | 13:22

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
concretecms
concretecms
>>concrete_cms>>Versions before 8.5.7(exclusive)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarynvd@nist.gov
CWE-639Secondarysupport@hackerone.com
CWE ID: CWE-639
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-639
Type: Secondary
Source: support@hackerone.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://documentation.concretecms.org/developers/introduction/version-history/857-release-notessupport@hackerone.com
Release Notes
Vendor Advisory
https://hackerone.com/reports/869612support@hackerone.com
Permissions Required
Hyperlink: https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
Source: support@hackerone.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://hackerone.com/reports/869612
Source: support@hackerone.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

119Records found
CVE-2024-4464
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.87%
||
7 Day CHG+0.01%
Published-18 Dec, 2024 | 06:00
Updated-18 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-Media Server
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.64%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:32
Updated-19 Aug, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

Action-Not Available
Vendor-Checkout Pluginscheckoutplugins
Product-Stripe Payments For WooCommerce by Checkoutstripe_payments_for_woocommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-42422
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.19% / 40.89%
||
7 Day CHG-0.00%
Published-03 Dec, 2024 | 12:15
Updated-03 Feb, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-networkerNetWorkernetworker
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-39033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.86%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-33818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.26%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 16:39
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.

Action-Not Available
Vendor-n/aglobitel
Product-n/aspeechlog
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-33383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.78%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter.

Action-Not Available
Vendor-n/anovel-plus
Product-n/anovel-plus
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-32683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.16%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 11:57
Updated-09 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Action-Not Available
Vendor-wpmetWpmetwpmet
Product-wp_ultimate_reviewWp Ultimate Reviewwp_ultimate_review
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-27630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.95%
||
7 Day CHG+0.22%
Published-08 Apr, 2024 | 00:00
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.

Action-Not Available
Vendor-n/asavannah
Product-n/asavane
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-23747
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.21%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

Action-Not Available
Vendor-modernasistemasn/a
Product-modernanet_hospital_management_system_2024n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2018-19584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 16:50
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-22305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 11:49
Updated-23 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.

Action-Not Available
Vendor-kaliformsali Forms
Product-kali_formsContact Form builder with drag & drop for WordPress – Kali Forms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-13558
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.49%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 11:11
Updated-27 Mar, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests.

Action-Not Available
Vendor-neahpluginsgplsaver
Product-np_quote_request_for_woocommerceNP Quote Request for WooCommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-3846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.08%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 16:51
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.

Action-Not Available
Vendor-amentotechUnknown
Product-workreapWorkreap
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-13694
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.34%
||
7 Day CHG+0.01%
Published-30 Jan, 2025 | 08:21
Updated-04 Feb, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function

The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to.

Action-Not Available
Vendor-moreconvertmoreconvert
Product-woocommerce_wishlistWooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-36539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.35% / 88.50%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 16:22
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.

Action-Not Available
Vendor-eigen\&wijzer_ouderapp_projectn/a
Product-eigen\&wijzer_ouderappn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-34775
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.27%
||
7 Day CHG+0.21%
Published-22 Aug, 2022 | 14:42
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tabit - Excessive data exposure

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.

Action-Not Available
Vendor-tabitTabit
Product-tabitTabit
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43438
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.44%
||
7 Day CHG+0.01%
Published-07 Nov, 2024 | 13:31
Updated-05 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-29446
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-18 Jan, 2021 | 01:30
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-24312
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 00:00
Updated-01 Aug, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component.

Action-Not Available
Vendor-n/avaales_technologies
Product-n/av_qrs
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found