Threats Tagged 'cwe-302'

DroneAware's centralized server was vulnerable to an account pre-hijacking flaw allowing attackers to register accounts with victim emails and attacker-chosen passwords before the victim activated their account. When the victim later activated the account, the attacker-set password remained valid, enabling silent account takeover without notification. The issue was fixed server-side on 2025-05-20, requiring no user action. Node binaries and self-hosted detection nodes are unaffected. No client-side mitigations or workarounds are needed.

Postiz, an AI social media scheduling tool, has an authentication bypass vulnerability in versions prior to 2.21.8. The Skool integration callback signs attacker-controlled JSON data into a session JWT using the app's JWT_SECRET, and the authentication middleware trusts the JWT claims without verifying the user against the database. This allows any authenticated user to forge a SUPERADMIN session and impersonate arbitrary organizations, gaining full access to all parts of Postiz and the ability to post on victims' social media channels. The issue is fixed in version 2.21.8.

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause a victim's browser to navigate to it, resulting in the victim's session being authenticated as the attacker-linked account (OAuth login CSRF / session swapping). This is patched in version 2.2.5.

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5.