Variant · Incomplete

CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions

Category: auth

Description

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

Common consequences (2)

  • Access Control — Bypass Protection Mechanism
    An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL.
  • Confidentiality — Read Files or Directories
    If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program).

Potential mitigations (2)

  • [Architecture and Design] Make access control policy based on path information in canonical form. Use very restrictive regular expressions to validate that the path is in the expected form.
  • [Architecture and Design] Reject all alternate path encodings that are not in the expected canonical form.
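The two mitigations above amount to one rule: canonicalize first, then decide. The following Python is an added example, not code from MITRE CWE or from the cs-graph page; the protected-prefix policy, the role names and the definition of "canonical form" (absolute path, unreserved characters only, no dot segments, no repeated slashes) are constructed assumptions. It percent-decodes exactly once, rejects input that a second decoding would still change (double encoding), collapses `.`/`..` and duplicate slashes, validates the result against a restrictive regular expression, and only then consults the policy.

```python
# Added example (not from MITRE CWE or the cs-graph page): canonicalize a URL
# path before the authorization check so that alternate encodings of the same
# resource cannot bypass a prefix-based policy.
import posixpath
import re
from urllib.parse import unquote

# Constructed policy: which roles may reach each protected path prefix.
PROTECTED_PREFIXES = {
    "/admin/": {"admin"},
    "/reports/": {"admin", "analyst"},
}

# Assumed canonical form: absolute path whose segments contain only URL
# "unreserved" characters; an optional trailing slash is allowed.
CANONICAL_RE = re.compile(r"^/(?:[A-Za-z0-9._~-]+/)*[A-Za-z0-9._~-]*$")


class NonCanonicalPath(ValueError):
    """Raised for input that is rejected instead of silently repaired."""


def canonicalize(raw_path: str) -> str:
    """Return the canonical form of raw_path, or raise NonCanonicalPath.

    Ambiguous input (double encoding, NUL, backslashes) is rejected rather
    than guessed at, following the second mitigation above.
    """
    if not raw_path.startswith("/"):
        raise NonCanonicalPath("path must be absolute")
    decoded = unquote(raw_path)            # exactly one round of %-decoding
    if unquote(decoded) != decoded:        # a second round still changes it
        raise NonCanonicalPath("double-encoded path")
    if "\x00" in decoded or "\\" in decoded:
        raise NonCanonicalPath("NUL or backslash in path")
    collapsed = re.sub(r"/+", "/", decoded)        # '//admin' -> '/admin'
    normalized = posixpath.normpath(collapsed)     # drops '.' and '..' segments
    if collapsed.endswith("/") and normalized != "/":
        normalized += "/"                          # preserve a trailing slash
    if not CANONICAL_RE.match(normalized):
        raise NonCanonicalPath(f"unexpected characters in {normalized!r}")
    return normalized


def is_authorized(raw_path: str, roles: set) -> bool:
    """Authorize on the canonical path only; non-canonical input is denied."""
    try:
        path = canonicalize(raw_path)
    except NonCanonicalPath:
        return False
    for prefix, allowed_roles in PROTECTED_PREFIXES.items():
        # '/admin' and anything under '/admin/' are both covered by the policy
        if path == prefix.rstrip("/") or path.startswith(prefix):
            return bool(roles & allowed_roles)
    return True  # everything outside the protected prefixes is public


if __name__ == "__main__":
    # Constructed inputs: the same protected resource spelled several ways,
    # plus one double-encoded form that is rejected outright.
    for p in ["/admin/users", "/public/../admin/users", "/%61dmin/users",
              "//admin/./users", "/%2561dmin/users"]:
        print(f"{p:26} -> canonical access for role 'user': {is_authorized(p, {'user'})}")
```

Note that the decision is made on the canonical string, never on the raw one, so a policy keyed on `/admin/` also covers `/public/../admin/users`, `/%61dmin/users` and `//admin/./users`. Whether a path with different letter case names the same resource depends on the filesystem behind the server; this example keeps case as-is, which is the safe choice for a case-sensitive backend and should be revisited for a case-insensitive one.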

References

  1. https://cwe.mitre.org/data/definitions/647.html

Incoming relationships (1)

Type       Target                                                                                   Confidence  Tier
KEV Entry  Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability (kev-cve-2022-43939)  90%         live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • [CWE] Authentication Bypass by Alternate Name
  • [CWE] Improper Protection of Alternate Path
  • [CWE] Improper Authorization
  • [CWE] Improper Access Control
  • [CWE] Incorrect Authorization
  • [CWE] Missing Authorization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.