Veracode Vulnerability Database: VERACODE:43854
Oct 17, 2023 - 5:37 p.m.

Authorization Bypass

2023-10-17 17:37:15
sca.analysiscenter.veracode.com
Tags: vulnerability, authorization bypass, software, security constraints, unlisted parameters, malicious

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.013
Percentile: 85.9%

org.apache.inlong:manager-pojo is vulnerable to Authorization Bypass. The vulnerability is due to the filterSensitive function in MySQLSinkDTO.java, which has no checks for parameters that are not present in its predefined maps. This allows potentially malicious parameters to pass through unchecked. An attacker can bypass security constraints by adding unlisted URL/parameters.
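The filtering weakness described above, shown beside an allowlist-based alternative. This is an added example, not InLong's code: the class, the method names, both maps and the parameter names blockedOption and unlistedOption are hypothetical, and the sample URL is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class JdbcParamFilterDemo {
    // Hypothetical predefined map: known-sensitive keys and the value forced onto them.
    static final Map<String, String> FORCED = Map.of("blockedOption", "false");
    // Hypothetical allowlist: the only keys a caller may set on the connection URL.
    static final Set<String> ALLOWED = Set.of("useSSL", "characterEncoding", "connectTimeout");

    // Weak pattern: keys found in FORCED are rewritten, every other key is copied
    // through untouched, so an unlisted parameter is never examined.
    static String filterByPredefinedMap(String url) {
        return rebuild(url, false);
    }

    // Hardened pattern: a parameter survives only if its key is exactly on the
    // allowlist. Unknown, re-cased or percent-encoded keys fail closed.
    static String filterByAllowlist(String url) {
        return rebuild(url, true);
    }

    private static String rebuild(String url, boolean allowlistOnly) {
        int q = url.indexOf('?');
        if (q < 0) {
            return url; // no parameters to filter
        }
        List<String> kept = new ArrayList<>();
        for (String pair : url.substring(q + 1).split("&")) {
            String[] kv = pair.split("=", 2);
            String key = kv[0];
            String value = kv.length > 1 ? kv[1] : "";
            if (allowlistOnly && !ALLOWED.contains(key)) {
                continue; // drop anything not explicitly permitted
            }
            kept.add(key + "=" + (allowlistOnly ? value : FORCED.getOrDefault(key, value)));
        }
        String base = url.substring(0, q);
        return kept.isEmpty() ? base : base + "?" + String.join("&", kept);
    }

    public static void main(String[] args) {
        // Constructed sample URL; host and parameter values are made up.
        String url = "jdbc:mysql://db.example.internal:3306/app"
                + "?useSSL=true&blockedOption=true&unlistedOption=1";
        System.out.println("map only : " + filterByPredefinedMap(url));
        System.out.println("allowlist: " + filterByAllowlist(url));
    }
}
```

With the map-only filter the unlisted key survives in the rebuilt URL, while the allowlist filter keeps only useSSL.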
