A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
CWE-863
CVE-2022-0984
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2022-0905
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
CVE-2022-0920
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data.
CVE-2022-0932
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.
CVE-2022-0821
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.