CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-27486	Insufficient authorization validation between zones when xCAT zones are enabled — xcat-core	8.1	High	2023-03-08
CVE-2023-27485	Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core — feedbacksystem	4.3	Medium	2023-03-07
CVE-2023-26056	XWiki Platform allows macro execution as any user without programming rights through the context macro — xwiki-platform	5.4	Medium	2023-03-02
CVE-2023-23947	Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets — argo-cd	9.1	Critical	2023-02-16
CVE-2023-25173	containerd supplementary groups are not set up properly — containerd	5.3	Medium	2023-02-16
CVE-2022-34397	Dell EMC Unisphere for PowerMax 安全漏洞 — Unisphere for PowerMax	6.9	Medium	2023-02-13
CVE-2023-24829	Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench — Apache IoTDB Workbench	8.8	-	2023-01-31
CVE-2022-45435	SailPoint IdentityIQ Access Control Bypass — IdentityIQ	6.8	Medium	2023-01-31
CVE-2023-22610	EcoStruxure Geo SCADA Expert 安全漏洞 — EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)	9.1	Critical	2023-01-31
CVE-2023-22482	JWT audience claim is not verified — argo-cd	9.1	Critical	2023-01-25
CVE-2023-22500	glpi Unauthorized access to inventory files — glpi	7.5	High	2023-01-25
CVE-2022-23739	Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens — GitHub Enterprise Server	7.8	-	2023-01-17
CVE-2022-45353	WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control — Betheme	4.3	Medium	2023-01-14
CVE-2023-0298	Incorrect Authorization in firefly-iii/firefly-iii — firefly-iii/firefly-iii	7.1	-	2023-01-14
CVE-2022-2155	A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role. — Lumada APM	5.7	Medium	2023-01-12
CVE-2022-46258	Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope — GitHub Enterprise Server	6.5	-	2023-01-09
CVE-2022-43438	HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization — EasyTest	8.8	High	2023-01-03
CVE-2022-23553	URL access filters bypass in Alpine — alpine	7.5	High	2022-12-28
CVE-2020-36625	destiny.gg chat main.go websocket.Upgrader cross-site request forgery — chat	4.3	Medium	2022-12-22
CVE-2022-3188	Dataprobe iBoot-PDU 访问控制错误漏洞 — iBoot-PDU FW	5.3	Medium	2022-12-21
CVE-2020-36622	sah-comp bienlein cross-site request forgery — bienlein	4.3	Medium	2022-12-21
CVE-2020-36623	Pengu index.js runApp cross-site request forgery — Pengu	4.3	Medium	2022-12-21
CVE-2021-4268	phpRedisAdmin cross-site request forgery — phpRedisAdmin	4.3	Medium	2022-12-21
CVE-2021-4275	katlings pyambic-pentameter cross-site request forgery — pyambic-pentameter	4.3	Medium	2022-12-21
CVE-2022-42351	AEM Incorrect Authorization Security feature bypass — Experience Manager	4.3	Medium	2022-12-19
CVE-2022-41962	BigBlueButton contains Incorrect Authorization for setting emoji status — bigbluebutton	2.7	Low	2022-12-16
CVE-2022-23741	Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access — GitHub Enterprise Server	7.2	-	2022-12-14
CVE-2022-23473	Tuleap MediaWiki standalone "readers" can also edit pages — tuleap	4.3	Medium	2022-12-13
CVE-2022-46160	Tuleap dashboards vulnerable to Incorrect Authorization — tuleap	4.3	Medium	2022-12-13
CVE-2022-41274	SAP Disclosure Management 信息泄露漏洞 — Disclosure Management	6.5	Medium	2022-12-13

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242