
CWE-863 (Incorrect Authorization) — Vulnerability Class 1255

1255 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47142 | IBM Tivoli Application Dependency Discovery Manager privilege escalation — Tivoli Application Dependency Discovery Manager | 7.5 | High | 2024-02-02 |
| CVE-2024-24573 | facileManager Privilege Escalation via Mass Assignment — facileManager | 8.8 | High | 2024-01-31 |
| CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check — buildkit | 9.8 | Critical | 2024-01-31 |
| CVE-2023-49783 | No permission checks for editing/deleting records with CSV import form — silverstripe-admin | 4.3 | Medium | 2024-01-23 |
| CVE-2023-44401 | Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data — silverstripe-graphql | 5.3 | Medium | 2024-01-23 |
| CVE-2024-23329 | changedetection.io API endpoint is not secured with API token — changedetection.io | 3.7 | Low | 2024-01-19 |
| CVE-2023-4812 | Incorrect Authorization in GitLab — GitLab | 7.6 | High | 2024-01-12 |
| CVE-2023-5356 | Incorrect Authorization in GitLab — GitLab | 7.3 | High | 2024-01-12 |
| CVE-2024-21736 | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) — SAP S/4HANA Finance (Advanced Payment Management) | 6.4 | Medium | 2024-01-09 |
| CVE-2024-21735 | Improper Authorization check in SAP LT Replication Server — SAP LT Replication Server | 7.3 | High | 2024-01-09 |
| CVE-2023-52077 | External apps using tokens issued by administrators and moderators can call admin APIs — nexkey | 8.9 | High | 2023-12-27 |
| CVE-2023-51649 | Nautobot missing object-level permissions enforcement when running Job Buttons — nautobot | 3.5 | Low | 2023-12-22 |
| CVE-2023-51380 | Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server — Enterprise Server | 2.7 | Low | 2023-12-21 |
| CVE-2023-51379 | Incorrect Authorization for Issue Comments in GitHub Enterprise Server — Enterprise Server | 4.9 | Medium | 2023-12-21 |
| CVE-2023-50732 | Velocity execution without script right through tree macro — xwiki-platform | 8.3 | High | 2023-12-21 |
| CVE-2023-49734 | Apache Superset: Privilege Escalation Vulnerability — Apache Superset | 7.7 | High | 2023-12-19 |
| CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS — Apache Doris | 9.1 (AI) | Critical (AI) | 2023-12-18 |
| CVE-2023-3511 | Incorrect Authorization in GitLab — GitLab | 2.0 | Low | 2023-12-15 |
| CVE-2023-6837 | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation — WSO2 API Manager | 8.5 | High | 2023-12-15 |
| CVE-2023-45185 | IBM i Access Client Solutions code execution — i Access Client Solutions | 7.4 | High | 2023-12-14 |
| CVE-2023-49273 | Umbraco CMS vulnerable to Privilege Escalation using Spoofing — Umbraco-CMS | 5.4 | Medium | 2023-12-12 |
| CVE-2023-48227 | Umbraco CMS Backoffice User can bypass "Publish" restriction — Umbraco-CMS | 4.3 | Medium | 2023-12-12 |
| CVE-2023-6542 | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID — SAP EMARSYS SDK ANDROID | 7.1 | High | 2023-12-12 |
| CVE-2023-3443 | Incorrect Authorization in GitLab — GitLab | 3.1 | Low | 2023-12-01 |
| CVE-2023-3964 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2023-12-01 |
| CVE-2023-4317 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2023-12-01 |
| CVE-2023-4658 | Incorrect Authorization in GitLab — GitLab | 3.1 | Low | 2023-12-01 |
| CVE-2023-5995 | Incorrect Authorization in GitLab — GitLab | 4.4 | Medium | 2023-12-01 |
| CVE-2023-47827 | WordPress Events Addon for Elementor Plugin <= 2.1.3 is vulnerable to Broken Access Control — Events Addon for Elementor | 6.5 | Medium | 2023-11-30 |
| CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database — Apache Superset | 6.3 | Medium | 2023-11-27 |

1255 CVEs are classified as CWE-863 (Incorrect Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.