18 matches found
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass via the AccessTokenScopeCheck function. An attacker can obtain unauthorized access tokens with arbitrary scopes by supplying a specially crafted targetNF value. Remediation: Upgrade github.com/free5gc/nrf/pkg/factor...
CVE-2025-66719
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...
CVE-2025-66719
Summary: CVE-2025-66719 affects Free5GC NRF 1.4.0. The vulnerability lies in the AccessTokenScopeCheck() in internal/sbi/processor/access_token.go, where scope validation is bypassed when a crafted targetNF value is supplied, enabling an attacker to obtain an access token with arbitrary scopes. I...
EUVD-2019-2959
Malware in sbrugna...
EUVD-2022-5974
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability: CVE-2021-39881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which...
CVE-2021-39881
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and...
Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
GHSA-76X2-H8H3-CWJG Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-29773
An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
PT-2022-19822 · Unknown · Aleksis-Core
Name of the Vulnerable Software and Affected Versions: AlekSIS-Core versions 2.8.1 and below Description: An access control issue in aleksis/core/util/authhelpers.py, specifically in the ClientProtectedResourceMixin, allows attackers to access arbitrary scopes if no allowed scopes are specifical...
Cloud Foundry UAA Privilege Escalation
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...
GHSA-292X-HJR8-226F Cloud Foundry UAA Privilege Escalation
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...
CVE-2019-11270
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess...
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...
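The AlekSIS-Core entry (arbitrary scopes granted when no allowed scopes are set) and the UAA CVE-2019-11270 entry (a 'clients.write' holder creating clients with scopes the creator does not possess) are two faces of the same bug class: a scope check that fails open instead of treating the allow-list as authoritative. The following is an added illustration, not code from AlekSIS-Core, Cloud Foundry UAA or free5GC; the client identifiers and scope names are constructed, and the fail-open/fail-closed functions and the `register_client` rule are assumptions about the pattern rather than any project's actual implementation.

```python
# Added example: a fail-open scope check beside its fail-closed replacement,
# plus a client-registration check that refuses to delegate scopes the caller
# does not hold. Not code from any project listed above; names are constructed.
from dataclasses import dataclass


class InvalidScope(Exception):
    """Corresponds to the RFC 6749 section 5.2 'invalid_scope' token error."""


@dataclass(frozen=True)
class Client:
    client_id: str
    allowed_scopes: frozenset  # scopes registered for the client; may be empty


def grant_scopes_fail_open(client: Client, requested: set) -> set:
    """Vulnerable pattern: an empty allow-list is read as 'no restriction',
    so a client registered with no scopes can obtain any scope it asks for."""
    if not client.allowed_scopes:
        return set(requested)
    return set(requested) & client.allowed_scopes


def grant_scopes_fail_closed(client: Client, requested: set) -> set:
    """Hardened pattern: the allow-list is authoritative. An empty allow-list
    grants nothing, and a request naming any scope outside the allow-list is
    rejected as a whole rather than silently narrowed (silent narrowing hides
    misconfigured clients from the operator)."""
    requested = set(requested)
    if not requested:
        raise InvalidScope("no scope requested")
    excess = requested - client.allowed_scopes
    if excess:
        raise InvalidScope(
            f"scopes not permitted for {client.client_id}: {sorted(excess)}"
        )
    return requested


def register_client(creator_scopes: set, new_client_id: str, new_scopes: set) -> Client:
    """Assumed rule for client creation: a caller holding 'clients.write' may
    only create a client whose scopes are a subset of the caller's own, so the
    creation endpoint cannot be used to mint authority the caller never had."""
    creator_scopes = set(creator_scopes)
    if "clients.write" not in creator_scopes:
        raise PermissionError("clients.write required")
    excess = set(new_scopes) - creator_scopes
    if excess:
        raise PermissionError(
            f"cannot delegate scopes the creator lacks: {sorted(excess)}"
        )
    return Client(new_client_id, frozenset(new_scopes))


if __name__ == "__main__":
    unscoped = Client("app-with-no-scopes", frozenset())
    print(grant_scopes_fail_open(unscoped, {"admin", "read"}))  # bypass: both granted
    try:
        grant_scopes_fail_closed(unscoped, {"admin", "read"})
    except InvalidScope as err:
        print("rejected:", err)
    try:
        register_client({"clients.write", "read"}, "new-app", {"admin"})
    except PermissionError as err:
        print("rejected:", err)
```

The design point is that the allow-list is data the attacker cannot influence, so the decision must be driven by it alone; the moment an absent or empty allow-list changes the outcome in the requester's favour, every client that was never configured becomes an all-scope client.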