CWE-862: Missing Authorization

参考: CVE-2024-6845

chatbot Wordpress plugin does not perform authorization on a REST endpoint, allowing retrieval of an API key

参考: CVE-2025-2224

AI-enabled WordPress plugin has a missing capability check for a particular function, allowing changing public status of posts

参考: CVE-2022-24730

Go-based continuous deployment product does not check that a user has certain privileges to update or create an app, allowing adversaries to read sensitive repository information

参考: CVE-2009-3168

Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.

参考: CVE-2009-3597

Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.

参考: CVE-2009-2282

Terminal server does not check authorization for guest access.

参考: CVE-2008-5027

System monitoring software allows users to bypass authorization by creating custom forms.

参考: CVE-2009-3781

Content management system does not check access permissions for private files, allowing others to view those files.

参考: CVE-2008-6548

Product does not check the ACL of a page accessed using an "include" directive, allowing attackers to read unauthorized files.

参考: CVE-2009-2960

Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.

参考: CVE-2009-3230

Database server does not use appropriate privileges for certain sensitive operations.

参考: CVE-2009-2213

Gateway uses default "Allow" configuration for its authorization settings.

参考: CVE-2009-0034

Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.

参考: CVE-2008-6123

Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.

参考: CVE-2008-7109

Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.

参考: CVE-2008-3424

Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.

参考: CVE-2005-1036

Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap

参考: CVE-2008-4577

ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.

参考: CVE-2007-2925

Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.

参考: CVE-2006-6679

Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.

参考: CVE-2005-3623

OS kernel does not check for a certain privilege before setting ACLs for files.

参考: CVE-2005-2801

Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.

参考: CVE-2001-1155

Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.

参考: CVE-2020-17533

Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)