目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-639 通过用户控制密钥绕过授权机制 类漏洞列表 1236

CWE-639 通过用户控制密钥绕过授权机制 类弱点 1236 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-639 属于授权绕过漏洞,指系统依赖用户可控的键值检索数据时,未验证该键值是否属于当前请求用户。攻击者通过篡改标识符(如ID),直接访问其他用户的数据记录。开发者应避免使用直接暴露的键值,转而采用间接引用或会话上下文验证,确保每次数据访问前严格校验资源归属权,从而防止越权访问。

MITRE CWE 官方描述
CWE:CWE-639 通过用户可控密钥绕过授权(Authorization Bypass Through User-Controlled Key) 英文:系统的授权功能未能阻止用户通过修改标识数据的密钥值,从而获取其他用户的数据或记录。 系统中基于某个受用户控制的密钥值来检索用户记录。该密钥通常用于标识系统中存储的与用户相关的记录,并用于查找该记录以呈现给用户。攻击者很可能需要是系统中的已认证用户。然而,授权过程未能正确检查数据访问操作,以确保执行该操作的已认证用户拥有执行所请求数据访问的足够权限,从而绕过了系统中存在的任何其他授权检查。例如,攻击者可以查看检索特定用户数据的位置(例如搜索界面),并确定正在查找的项目的密钥是否可外部控制。该密钥可能是 HTML 表单中的隐藏字段,也可能作为 URL 参数或未加密的 Cookie 变量传递,在这些情况下,都有可能篡改密钥值。这种弱点的一种表现形式是,当系统使用顺序生成或易于猜测的会话 ID(Session IDs)时,允许一个用户轻松切换到另一个用户的会话并读取/修改其数据。
常见影响 (3)
Access ControlBypass Protection Mechanism
Access control checks for specific user data or functionality can be bypassed.
Access ControlGain Privileges or Assume Identity
Horizontal escalation of privilege is possible (one user can view/modify information of another user).
Access ControlGain Privileges or Assume Identity
Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access.
缓解措施 (3)
Architecture and DesignFor each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Architecture and Design, ImplementationMake sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Architecture and DesignUse encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
代码示例 (1)
The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.
... conn = new SqlConnection(_ConnectionString); conn.Open(); int16 id = System.Convert.ToInt16(invoiceID.Text); SqlCommand query = new SqlCommand( "SELECT * FROM invoices WHERE id = @id", conn); query.Parameters.AddWithValue("@id", id); SqlDataReader objReader = objCommand.ExecuteReader(); ...
Bad · C#
CVE ID标题CVSS风险等级Published
CVE-2026-49192 Acer M6E 安全漏洞 — Connect M6E 5G Portable WiFi Router--2026-06-04
CVE-2026-10597 ITPison OMICARD EDM 安全漏洞 — OMICARD EDM 5.3 Medium2026-06-04
CVE-2025-14772 ABB T-MAC Plus 安全漏洞 — T-MAC Plus 8.8 High2026-06-03
CVE-2026-7201 Progress Sitefinity 安全漏洞 — Sitefinity 8.8 High2026-06-02
CVE-2026-24761 Kiteworks 安全漏洞 — Secure Data Forms 3.7 Low2026-06-01
CVE-2026-24756 Kiteworks 安全漏洞 — Secure Data Forms 4.3 Medium2026-06-01
CVE-2026-24755 Kiteworks 安全漏洞 — Secure Data Forms 5.4 Medium2026-06-01
CVE-2026-24753 Kiteworks 安全漏洞 — Secure Data Forms 6.5 Medium2026-06-01
CVE-2026-23638 Kiteworks 安全漏洞 — Secure Data Forms 6.5 Medium2026-06-01
CVE-2026-45810 Nextcloud Server 安全漏洞 — security-advisories 6.8 Medium2026-06-01
CVE-2026-45281 Nextcloud Server 安全漏洞 — security-advisories 8.1 High2026-06-01
CVE-2026-45159 End-to-End Encryption App 安全漏洞 — security-advisories 3.5 Low2026-06-01
CVE-2026-45155 Nextcloud Teams 安全漏洞 — security-advisories 2.6 Low2026-06-01
CVE-2026-41084 Apache Airflow 安全漏洞 — Apache Airflow--2026-06-01
CVE-2026-46764 Apache Airflow 安全漏洞 — Apache Airflow--2026-06-01
CVE-2026-10212 AstrBot 安全漏洞 — AstrBot 6.3 Medium2026-06-01
CVE-2026-10154 Dolibarr ERP CRM 安全漏洞 — ERP CRM 4.3 Medium2026-05-30
CVE-2026-47266 Formie for Craft CMS 安全漏洞 — formie--2026-05-29
CVE-2026-49386 JetBrains YouTrack 安全漏洞 — YouTrack 6.5 Medium2026-05-29
CVE-2026-43917 Dokploy 安全漏洞 — dokploy--2026-05-29
CVE-2026-9493 BankPro E-Service Service Center 安全漏洞 — Service Center 6.5 Medium2026-05-29
CVE-2026-45342 LinkAce 安全漏洞 — LinkAce--2026-05-28
CVE-2026-41141 EspoCRM 安全漏洞 — espocrm 6.5 Medium2026-05-28
CVE-2026-7651 WordPress plugin User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 安全漏洞 — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 5.3 Medium2026-05-28
CVE-2026-3173 WordPress plugin Meta Field Block 安全漏洞 — Meta Field Block – Display custom fields in the Block Editor without coding 6.5 Medium2026-05-28
CVE-2026-9228 WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞 — Timetable and Event Schedule by MotoPress 4.3 Medium2026-05-28
CVE-2026-9241 WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞 — FOX – Currency Switcher Professional for WooCommerce 4.3 Medium2026-05-28
CVE-2026-46544 UFO³ 安全漏洞 — UFO 5.3 Medium2026-05-27
CVE-2026-4868 GitLab 安全漏洞 — GitLab 8.2 High2026-05-27
CVE-2026-9712 pretix 安全漏洞 — pretix--2026-05-27

CWE-639(通过用户控制密钥绕过授权机制) 是常见的弱点类别,本平台收录该类弱点关联的 1236 条 CVE 漏洞。