目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-639 通过用户控制密钥绕过授权机制 类漏洞列表 1073

CWE-639 通过用户控制密钥绕过授权机制 类弱点 1073 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-639 属于授权绕过漏洞,指系统依赖用户可控的键值检索数据时,未验证该键值是否属于当前请求用户。攻击者通过篡改标识符(如ID),直接访问其他用户的数据记录。开发者应避免使用直接暴露的键值,转而采用间接引用或会话上下文验证,确保每次数据访问前严格校验资源归属权,从而防止越权访问。

MITRE CWE 官方描述
CWE:CWE-639 通过用户可控密钥绕过授权(Authorization Bypass Through User-Controlled Key) 英文:系统的授权功能未能阻止用户通过修改标识数据的密钥值,从而获取其他用户的数据或记录。 系统中基于某个受用户控制的密钥值来检索用户记录。该密钥通常用于标识系统中存储的与用户相关的记录,并用于查找该记录以呈现给用户。攻击者很可能需要是系统中的已认证用户。然而,授权过程未能正确检查数据访问操作,以确保执行该操作的已认证用户拥有执行所请求数据访问的足够权限,从而绕过了系统中存在的任何其他授权检查。例如,攻击者可以查看检索特定用户数据的位置(例如搜索界面),并确定正在查找的项目的密钥是否可外部控制。该密钥可能是 HTML 表单中的隐藏字段,也可能作为 URL 参数或未加密的 Cookie 变量传递,在这些情况下,都有可能篡改密钥值。这种弱点的一种表现形式是,当系统使用顺序生成或易于猜测的会话 ID(Session IDs)时,允许一个用户轻松切换到另一个用户的会话并读取/修改其数据。
常见影响 (3)
Access ControlBypass Protection Mechanism
Access control checks for specific user data or functionality can be bypassed.
Access ControlGain Privileges or Assume Identity
Horizontal escalation of privilege is possible (one user can view/modify information of another user).
Access ControlGain Privileges or Assume Identity
Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access.
缓解措施 (3)
Architecture and DesignFor each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Architecture and Design, ImplementationMake sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Architecture and DesignUse encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
代码示例 (1)
The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.
... conn = new SqlConnection(_ConnectionString); conn.Open(); int16 id = System.Convert.ToInt16(invoiceID.Text); SqlCommand query = new SqlCommand( "SELECT * FROM invoices WHERE id = @id", conn); query.Parameters.AddWithValue("@id", id); SqlDataReader objReader = objCommand.ExecuteReader(); ...
Bad · C#
CVE ID标题CVSS风险等级Published
CVE-2025-27939 Growatt Cloud Applications 安全漏洞 — Cloud portal 7.5 High2025-04-15
CVE-2025-30254 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-27568 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-24487 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-31941 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-31357 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-31949 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-31933 Growatt Cloud Applications 安全漏洞 — Cloud portal 5.3 Medium2025-04-15
CVE-2025-3575 T-INNOVA Deporsite 安全漏洞 — Deporsite 6.5AIMediumAI2025-04-15
CVE-2025-3574 T-INNOVA Deporsite 安全漏洞 — Deporsite 6.5AIMediumAI2025-04-15
CVE-2025-3282 WordPress plugin User Registration & Membership 安全漏洞 — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 5.3 Medium2025-04-12
CVE-2025-3292 WordPress plugin User Registration & Membership 安全漏洞 — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 4.3 Medium2025-04-12
CVE-2025-32373 DNN 安全漏洞 — Dnn.Platform 6.5 Medium2025-04-09
CVE-2025-2526 WordPress plugin Streamit 安全漏洞 — Streamit 8.8 High2025-04-08
CVE-2025-31867 WordPress plugin JS Job Manager 安全漏洞 — JS Job Manager 5.4 Medium2025-04-01
CVE-2025-31833 WordPress plugin JobBoard Job listing 安全漏洞 — JobBoard Job listing 4.9 Medium2025-04-01
CVE-2025-30777 WordPress plugin Support Genix 安全漏洞 — Support Genix 4.3 Medium2025-03-27
CVE-2024-13558 WordPress plugin NP Quote Request for WooCommerce 安全漏洞 — NP Quote Request for WooCommerce 7.5 High2025-03-20
CVE-2024-8613 ChuanhuChatGPT 访问控制错误漏洞 — gaizhenbiao/chuanhuchatgpt 8.2 -2025-03-20
CVE-2024-11300 Lunary 安全漏洞 — lunary-ai/lunary 6.5 -2025-03-20
CVE-2024-9617 Danswer 访问控制错误漏洞 — danswer-ai/danswer 7.5 -2025-03-20
CVE-2024-7476 Lunary 访问控制错误漏洞 — lunary-ai/lunary 6.5 -2025-03-20
CVE-2024-11167 LibreChat 访问控制错误漏洞 — danny-avila/librechat 4.3 -2025-03-20
CVE-2024-7040 Open WebUI 访问控制错误漏洞 — open-webui/open-webui 2.7 -2025-03-20
CVE-2024-12880 RAGFlow 授权问题漏洞 — infiniflow/ragflow 8.1 -2025-03-20
CVE-2024-10366 LibreChat 访问控制错误漏洞 — danny-avila/librechat 4.3 -2025-03-20
CVE-2024-11137 Lunary 访问控制错误漏洞 — lunary-ai/lunary 4.3 -2025-03-20
CVE-2025-1667 WordPress plugin WPSchoolPress 安全漏洞 — School Management System – WPSchoolPress 8.8 High2025-03-15
CVE-2024-13407 WordPress plugin Omnipress 安全漏洞 — Omnipress 4.3 Medium2025-03-14
CVE-2024-11284 WordPress plugin WP JobHunt 安全漏洞 — WP JobHunt 9.8 Critical2025-03-14

CWE-639(通过用户控制密钥绕过授权机制) 是常见的弱点类别,本平台收录该类弱点关联的 1073 条 CVE 漏洞。