Authenticated route bypass
Description
Some of the data returned by the route is not advertised in your schema.
Remediation
Update your schema to match the real return types.
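The following is an added example, not Escape's scanner code, of the two things this check looks at: whether a route that the schema marks as authenticated still answers a request that carries no credentials, and whether the fields in its authenticated response are all declared in the schema. The schema is a hand-written OpenAPI-like dict, the API under test is a plain Python function, and every route, field name, token and record in it is constructed for the example so it runs offline.

```python
"""Added example (not Escape's own scanner code): a minimal version of the
authenticated-route-bypass and undeclared-field checks, run against a
constructed in-memory API.

For every route the schema marks as requiring authentication:
  1. send a request with no credentials; a 2xx answer is an authenticated
     route bypass;
  2. send an authenticated request; any response field the schema does not
     advertise is reported as undeclared.
"""
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed schema: each route declares whether it needs auth and which
# response fields are documented.
SCHEMA: Dict[str, dict] = {
    "/me":     {"requires_auth": True,  "fields": {"id", "email"}},
    "/orders": {"requires_auth": True,  "fields": {"id", "total"}},
    "/health": {"requires_auth": False, "fields": {"status"}},
}

# Constructed credential the fake API accepts.
VALID_TOKEN = "token-for-alice"

# Signature of the API under test: (path, bearer token or None) -> (status, body)
ApiFn = Callable[[str, Optional[str]], Tuple[int, dict]]


def fake_api(path: str, token: Optional[str]) -> Tuple[int, dict]:
    """Constructed API under test. /me is implemented correctly; /orders has
    both defects this example detects."""
    if path == "/health":
        return 200, {"status": "ok"}
    if path == "/me":
        if token != VALID_TOKEN:
            return 401, {"error": "unauthorized"}
        return 200, {"id": 1, "email": "alice@example.com"}
    if path == "/orders":
        # Defect 1: the token is never checked.
        # Defect 2: "internal_note" is not advertised in SCHEMA.
        return 200, {"id": 7, "total": 42.0, "internal_note": "vip customer"}
    return 404, {"error": "not found"}


def find_auth_bypass(schema: Dict[str, dict], api: ApiFn) -> List[str]:
    """Routes declared as authenticated that still return 2xx with no token."""
    bypassed = []
    for path, spec in schema.items():
        if not spec["requires_auth"]:
            continue
        status, _ = api(path, None)  # deliberately unauthenticated
        if 200 <= status < 300:
            bypassed.append(path)
    return bypassed


def find_undeclared_fields(schema: Dict[str, dict], api: ApiFn,
                           token: str) -> Dict[str, Set[str]]:
    """Map of route -> response fields that the schema does not advertise."""
    findings: Dict[str, Set[str]] = {}
    for path, spec in schema.items():
        status, body = api(path, token)
        if not 200 <= status < 300:
            continue  # nothing returned to compare against the schema
        extra = set(body) - spec["fields"]
        if extra:
            findings[path] = extra
    return findings


if __name__ == "__main__":
    for path in find_auth_bypass(SCHEMA, fake_api):
        print(f"[auth bypass] {path} answered 2xx without credentials")
    for path, fields in find_undeclared_fields(SCHEMA, fake_api, VALID_TOKEN).items():
        print(f"[undeclared fields] {path}: {sorted(fields)}")
```

Against the constructed API this reports `/orders` twice: once because it answers without a token, and once because `internal_note` is not in the schema. Fixing only the schema would silence the second finding but not the first; the route still needs an authentication check.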
REST Specific
ASP.NET
Ruby on Rails
Next.js
Laravel
Express.js
Django
Symfony
Spring Boot
Flask
Nuxt
FastAPI
Configuration
Identifier:
access_control/auth_bypass
Examples
Ignore this check
checks:
  access_control/auth_bypass:
    skip: true
Score
- Escape Severity: LOW
Compliance
OWASP: API2:2023
pci: 6.5.10
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.2
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 285
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- CVSS_SCORE: 6.5