Skip to main content

Authorization Bypass Through User-Controlled Key

CVE-2022-30852

Severity Medium
Score 4.3/10

Summary

idno/known is discovered to contain an Insecure Direct Object Reference (IDOR). The research report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev branch of the idno/known repository.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • NONE

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Advisory Timeline

  • Published