CVEbaza.plSłownik CWECWE-647
Common Weakness Enumeration

CWE-647

Use of Non-Canonical URL Paths for Authorization Decisions

Kategoria: VariantCVE: 7
Opis

Produkt definiuje przestrzenie nazw polityk i podejmuje decyzje autoryzacyjne na podstawie założenia, że URL jest kanoniczny. Może to pozwolić niekanonicznemu URL na obejście autoryzacji.

Description (EN)

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

Podatności CVE z CWE-647 (7)
8.6
CVSS
HIGH
CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

pub. 2023-04-03🚩 CISA KEV⚡ EXPLOIT
7.3
CVSS
HIGH
CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.

pub. 2025-11-12
6.7
CVSS
MEDIUM
CVE-2025-9909

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.

pub. 2026-02-27
6.5
CVSS
MEDIUM
CVE-2025-66202

Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs, attackers can still bypass authentication and access any route protected by middleware pathname checks. This issue is fixed in version 5.15.8.

pub. 2025-12-09
4.0
CVSS
MEDIUM
CVE-2025-47241

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

pub. 2025-05-03
3.4
CVSS
LOW
CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."

pub. 2025-04-21
2.3
CVSS
LOW
CVE-2026-5222

Cargo w wersjach od 1.68 do 1.96 nieprawidłowo normalizował adresy URL repozytoriów innych firm korzystających z protokołu sparse index. Jeśli dostawca hostingu umożliwił hosting wielu repozytoriów z dowolnymi nazwami w obrębie tej samej domeny, osoba atakująca mogąca publikować pakiety w repozytorium mogła uzyskać poświadczenia innych użytkowników tego samego repozytorium. Severność tej podatności jest niska ze względu na niezwykle specyficzne wymagania potrzebne do przeprowadzenia ataku.

pub. 2026-05-25
Informacje
ID: CWE-647
Typ: Variant
Podatności: 7
MITRE CWE ↗
← Słownik CWE