Total
543 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34770 | 1 Tabit | 1 Tabit | 2024-02-04 | N/A | 7.5 HIGH |
| Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number. | |||||
| CVE-2022-2499 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. | |||||
| CVE-2022-2828 | 1 Octopus | 1 Octopus Server | 2024-02-04 | N/A | 6.5 MEDIUM |
| In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability | |||||
| CVE-2022-2824 | 1 Open-emr | 1 Openemr | 2024-02-04 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-23173 | 1 Priority-software | 1 Priority | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn't perform it before the parameter changed. | |||||
| CVE-2022-2913 | 2024-02-04 | N/A | 4.3 MEDIUM | ||
| The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. | |||||
| CVE-2021-36906 | 1 Expresstech | 1 Quiz And Survey Master | 2024-02-04 | N/A | 8.8 HIGH |
| Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | |||||
| CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 4.3 MEDIUM |
| Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | |||||
| CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2024-02-04 | N/A | 4.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student | |||||
| CVE-2022-2730 | 1 Open-emr | 1 Openemr | 2024-02-04 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2022-42067 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2024-02-04 | N/A | 4.3 MEDIUM |
| Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | |||||
| CVE-2022-40205 | 1 Gvectors | 1 Wpforo Forum | 2024-02-04 | N/A | 4.3 MEDIUM |
| Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | |||||
| CVE-2022-42129 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-02-04 | N/A | 4.3 MEDIUM |
| An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | |||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2024-02-04 | N/A | 8.8 HIGH |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | |||||
| CVE-2022-34775 | 1 Tabit | 1 Tabit | 2024-02-04 | N/A | 7.5 HIGH |
| Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack. | |||||
| CVE-2022-34150 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2024-02-04 | N/A | 5.4 MEDIUM |
| The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. | |||||
| CVE-2022-36284 | 1 Storeapps | 1 Affiliate For Woocommerce | 2024-02-04 | N/A | 6.5 MEDIUM |
| Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. | |||||
| CVE-2021-24655 | 1 Wpusermanager | 1 Wp User Manager | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account. | |||||
| CVE-2022-2198 | 1 2code | 1 Wpqa Builder | 2024-02-04 | N/A | 4.3 MEDIUM |
| The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced. | |||||
| CVE-2022-2034 | 1 Automattic | 1 Sensei Lms | 2024-02-04 | N/A | 5.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers | |||||