CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.

Weakness

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Software

Name	Vendor	Start Version	End Version
Mesh_profile	Bluetooth	1.0.0 (including)	1.0.0 (including)
Mesh_profile	Bluetooth	1.0.1 (including)	1.0.1 (including)
Linux	Ubuntu	bionic	*
Linux	Ubuntu	esm-infra-legacy/trusty	*
Linux	Ubuntu	esm-infra/bionic	*
Linux	Ubuntu	esm-infra/focal	*
Linux	Ubuntu	esm-infra/xenial	*
Linux	Ubuntu	focal	*
Linux	Ubuntu	groovy	*
Linux	Ubuntu	hirsute	*
Linux	Ubuntu	impish	*
Linux	Ubuntu	kinetic	*
Linux	Ubuntu	lunar	*
Linux	Ubuntu	mantic	*
Linux	Ubuntu	oracular	*
Linux	Ubuntu	plucky	*
Linux	Ubuntu	trusty	*
Linux	Ubuntu	trusty/esm	*
Linux	Ubuntu	xenial	*
Linux-allwinner	Ubuntu	kinetic	*
Linux-allwinner	Ubuntu	lunar	*
Linux-allwinner	Ubuntu	upstream	*
Linux-allwinner-5.19	Ubuntu	jammy	*
Linux-allwinner-5.19	Ubuntu	upstream	*
Linux-aws	Ubuntu	bionic	*
Linux-aws	Ubuntu	esm-infra-legacy/trusty	*
Linux-aws	Ubuntu	esm-infra/bionic	*
Linux-aws	Ubuntu	esm-infra/focal	*
Linux-aws	Ubuntu	esm-infra/xenial	*
Linux-aws	Ubuntu	focal	*
Linux-aws	Ubuntu	groovy	*
Linux-aws	Ubuntu	hirsute	*
Linux-aws	Ubuntu	impish	*
Linux-aws	Ubuntu	kinetic	*
Linux-aws	Ubuntu	lunar	*
Linux-aws	Ubuntu	mantic	*
Linux-aws	Ubuntu	oracular	*
Linux-aws	Ubuntu	plucky	*
Linux-aws	Ubuntu	trusty	*
Linux-aws	Ubuntu	trusty/esm	*
Linux-aws	Ubuntu	xenial	*
Linux-aws-5.0	Ubuntu	bionic	*
Linux-aws-5.0	Ubuntu	esm-infra/bionic	*
Linux-aws-5.0	Ubuntu	upstream	*
Linux-aws-5.11	Ubuntu	esm-infra/focal	*
Linux-aws-5.11	Ubuntu	focal	*
Linux-aws-5.11	Ubuntu	upstream	*
Linux-aws-5.13	Ubuntu	esm-infra/focal	*
Linux-aws-5.13	Ubuntu	focal	*
Linux-aws-5.13	Ubuntu	upstream	*
Linux-aws-5.15	Ubuntu	esm-infra/focal	*
Linux-aws-5.15	Ubuntu	focal	*
Linux-aws-5.19	Ubuntu	jammy	*
Linux-aws-5.19	Ubuntu	upstream	*
Linux-aws-5.3	Ubuntu	bionic	*
Linux-aws-5.3	Ubuntu	esm-infra/bionic	*
Linux-aws-5.3	Ubuntu	upstream	*
Linux-aws-5.4	Ubuntu	bionic	*
Linux-aws-5.4	Ubuntu	esm-infra/bionic	*
Linux-aws-5.8	Ubuntu	esm-infra/focal	*
Linux-aws-5.8	Ubuntu	focal	*
Linux-aws-5.8	Ubuntu	upstream	*
Linux-aws-6.2	Ubuntu	jammy	*
Linux-aws-6.2	Ubuntu	upstream	*
Linux-aws-6.5	Ubuntu	jammy	*
Linux-aws-6.5	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	fips-updates/bionic	*
Linux-aws-fips	Ubuntu	fips/bionic	*
Linux-aws-hwe	Ubuntu	esm-infra/xenial	*
Linux-aws-hwe	Ubuntu	xenial	*
Linux-azure	Ubuntu	bionic	*
Linux-azure	Ubuntu	esm-infra-legacy/trusty	*
Linux-azure	Ubuntu	esm-infra/bionic	*
Linux-azure	Ubuntu	esm-infra/focal	*
Linux-azure	Ubuntu	esm-infra/xenial	*
Linux-azure	Ubuntu	focal	*
Linux-azure	Ubuntu	groovy	*
Linux-azure	Ubuntu	hirsute	*
Linux-azure	Ubuntu	impish	*
Linux-azure	Ubuntu	kinetic	*
Linux-azure	Ubuntu	lunar	*
Linux-azure	Ubuntu	mantic	*
Linux-azure	Ubuntu	oracular	*
Linux-azure	Ubuntu	plucky	*
Linux-azure	Ubuntu	trusty	*
Linux-azure	Ubuntu	trusty/esm	*
Linux-azure	Ubuntu	xenial	*
Linux-azure-4.15	Ubuntu	bionic	*
Linux-azure-4.15	Ubuntu	esm-infra/bionic	*
Linux-azure-5.11	Ubuntu	esm-infra/focal	*
Linux-azure-5.11	Ubuntu	focal	*
Linux-azure-5.11	Ubuntu	upstream	*
Linux-azure-5.13	Ubuntu	esm-infra/focal	*
Linux-azure-5.13	Ubuntu	focal	*
Linux-azure-5.13	Ubuntu	upstream	*
Linux-azure-5.15	Ubuntu	esm-infra/focal	*
Linux-azure-5.15	Ubuntu	focal	*
Linux-azure-5.19	Ubuntu	jammy	*
Linux-azure-5.19	Ubuntu	upstream	*
Linux-azure-5.3	Ubuntu	bionic	*
Linux-azure-5.3	Ubuntu	esm-infra/bionic	*
Linux-azure-5.3	Ubuntu	upstream	*
Linux-azure-5.4	Ubuntu	bionic	*
Linux-azure-5.4	Ubuntu	esm-infra/bionic	*
Linux-azure-5.8	Ubuntu	esm-infra/focal	*
Linux-azure-5.8	Ubuntu	focal	*
Linux-azure-5.8	Ubuntu	upstream	*
Linux-azure-6.11	Ubuntu	noble	*
Linux-azure-6.2	Ubuntu	jammy	*
Linux-azure-6.2	Ubuntu	upstream	*
Linux-azure-6.5	Ubuntu	jammy	*
Linux-azure-6.5	Ubuntu	upstream	*
Linux-azure-edge	Ubuntu	bionic	*
Linux-azure-edge	Ubuntu	esm-infra/bionic	*
Linux-azure-edge	Ubuntu	upstream	*
Linux-azure-fde	Ubuntu	esm-infra/focal	*
Linux-azure-fde	Ubuntu	focal	*
Linux-azure-fde	Ubuntu	plucky	*
Linux-azure-fde-5.15	Ubuntu	esm-infra/focal	*
Linux-azure-fde-5.15	Ubuntu	focal	*
Linux-azure-fde-5.19	Ubuntu	jammy	*
Linux-azure-fde-5.19	Ubuntu	upstream	*
Linux-azure-fde-6.2	Ubuntu	jammy	*
Linux-azure-fde-6.2	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	fips-updates/bionic	*
Linux-azure-fips	Ubuntu	fips/bionic	*
Linux-bluefield	Ubuntu	esm-infra/focal	*
Linux-bluefield	Ubuntu	focal	*
Linux-dell300x	Ubuntu	bionic	*
Linux-dell300x	Ubuntu	upstream	*
Linux-fips	Ubuntu	fips-updates/bionic	*
Linux-fips	Ubuntu	fips-updates/xenial	*
Linux-fips	Ubuntu	fips/bionic	*
Linux-fips	Ubuntu	fips/xenial	*
Linux-gcp	Ubuntu	bionic	*
Linux-gcp	Ubuntu	esm-infra/bionic	*
Linux-gcp	Ubuntu	esm-infra/focal	*
Linux-gcp	Ubuntu	esm-infra/xenial	*
Linux-gcp	Ubuntu	focal	*
Linux-gcp	Ubuntu	groovy	*
Linux-gcp	Ubuntu	hirsute	*
Linux-gcp	Ubuntu	impish	*
Linux-gcp	Ubuntu	kinetic	*
Linux-gcp	Ubuntu	lunar	*
Linux-gcp	Ubuntu	mantic	*
Linux-gcp	Ubuntu	oracular	*
Linux-gcp	Ubuntu	plucky	*
Linux-gcp	Ubuntu	xenial	*
Linux-gcp-4.15	Ubuntu	bionic	*
Linux-gcp-4.15	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.11	Ubuntu	esm-infra/focal	*
Linux-gcp-5.11	Ubuntu	focal	*
Linux-gcp-5.11	Ubuntu	upstream	*
Linux-gcp-5.13	Ubuntu	esm-infra/focal	*
Linux-gcp-5.13	Ubuntu	focal	*
Linux-gcp-5.13	Ubuntu	upstream	*
Linux-gcp-5.15	Ubuntu	esm-infra/focal	*
Linux-gcp-5.15	Ubuntu	focal	*
Linux-gcp-5.19	Ubuntu	jammy	*
Linux-gcp-5.19	Ubuntu	upstream	*
Linux-gcp-5.3	Ubuntu	bionic	*
Linux-gcp-5.3	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.3	Ubuntu	upstream	*
Linux-gcp-5.4	Ubuntu	bionic	*
Linux-gcp-5.4	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.8	Ubuntu	esm-infra/focal	*
Linux-gcp-5.8	Ubuntu	focal	*
Linux-gcp-5.8	Ubuntu	upstream	*
Linux-gcp-6.11	Ubuntu	noble	*
Linux-gcp-6.2	Ubuntu	jammy	*
Linux-gcp-6.2	Ubuntu	upstream	*
Linux-gcp-6.5	Ubuntu	jammy	*
Linux-gcp-6.5	Ubuntu	upstream	*
Linux-gcp-edge	Ubuntu	bionic	*
Linux-gcp-edge	Ubuntu	esm-infra/bionic	*
Linux-gcp-fips	Ubuntu	fips-updates/bionic	*
Linux-gcp-fips	Ubuntu	fips/bionic	*
Linux-gke	Ubuntu	esm-infra/focal	*
Linux-gke	Ubuntu	focal	*
Linux-gke	Ubuntu	xenial	*
Linux-gke-4.15	Ubuntu	bionic	*
Linux-gke-4.15	Ubuntu	esm-infra/bionic	*
Linux-gke-4.15	Ubuntu	upstream	*
Linux-gke-5.0	Ubuntu	bionic	*
Linux-gke-5.0	Ubuntu	upstream	*
Linux-gke-5.15	Ubuntu	esm-infra/focal	*
Linux-gke-5.15	Ubuntu	focal	*
Linux-gke-5.15	Ubuntu	upstream	*
Linux-gke-5.3	Ubuntu	bionic	*
Linux-gke-5.3	Ubuntu	upstream	*
Linux-gke-5.4	Ubuntu	bionic	*
Linux-gke-5.4	Ubuntu	esm-infra/bionic	*
Linux-gke-5.4	Ubuntu	upstream	*
Linux-gkeop	Ubuntu	esm-infra/focal	*
Linux-gkeop	Ubuntu	focal	*
Linux-gkeop-5.15	Ubuntu	esm-infra/focal	*
Linux-gkeop-5.15	Ubuntu	focal	*
Linux-gkeop-5.4	Ubuntu	bionic	*
Linux-gkeop-5.4	Ubuntu	esm-infra/bionic	*
Linux-gkeop-5.4	Ubuntu	upstream	*
Linux-hwe	Ubuntu	bionic	*
Linux-hwe	Ubuntu	esm-infra/bionic	*
Linux-hwe	Ubuntu	esm-infra/xenial	*
Linux-hwe	Ubuntu	xenial	*
Linux-hwe-5.11	Ubuntu	esm-infra/focal	*
Linux-hwe-5.11	Ubuntu	focal	*
Linux-hwe-5.11	Ubuntu	upstream	*
Linux-hwe-5.13	Ubuntu	esm-infra/focal	*
Linux-hwe-5.13	Ubuntu	focal	*
Linux-hwe-5.13	Ubuntu	upstream	*
Linux-hwe-5.15	Ubuntu	esm-infra/focal	*
Linux-hwe-5.15	Ubuntu	focal	*
Linux-hwe-5.19	Ubuntu	jammy	*
Linux-hwe-5.19	Ubuntu	upstream	*
Linux-hwe-5.4	Ubuntu	bionic	*
Linux-hwe-5.4	Ubuntu	esm-infra/bionic	*
Linux-hwe-5.8	Ubuntu	esm-infra/focal	*
Linux-hwe-5.8	Ubuntu	focal	*
Linux-hwe-5.8	Ubuntu	upstream	*
Linux-hwe-6.11	Ubuntu	noble	*
Linux-hwe-6.2	Ubuntu	jammy	*
Linux-hwe-6.2	Ubuntu	upstream	*
Linux-hwe-6.5	Ubuntu	jammy	*
Linux-hwe-edge	Ubuntu	bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/xenial	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	xenial	*
Linux-ibm	Ubuntu	esm-infra/focal	*
Linux-ibm	Ubuntu	focal	*
Linux-ibm	Ubuntu	kinetic	*
Linux-ibm	Ubuntu	lunar	*
Linux-ibm	Ubuntu	mantic	*
Linux-ibm-5.15	Ubuntu	esm-infra/focal	*
Linux-ibm-5.15	Ubuntu	focal	*
Linux-ibm-5.4	Ubuntu	bionic	*
Linux-ibm-5.4	Ubuntu	esm-infra/bionic	*
Linux-intel	Ubuntu	noble	*
Linux-intel-5.13	Ubuntu	esm-infra/focal	*
Linux-intel-5.13	Ubuntu	focal	*
Linux-intel-5.13	Ubuntu	upstream	*
Linux-intel-iot-realtime	Ubuntu	jammy	*
Linux-intel-iotg-5.15	Ubuntu	esm-infra/focal	*
Linux-intel-iotg-5.15	Ubuntu	focal	*
Linux-iot	Ubuntu	esm-infra/focal	*
Linux-iot	Ubuntu	focal	*
Linux-kvm	Ubuntu	bionic	*
Linux-kvm	Ubuntu	esm-infra/bionic	*
Linux-kvm	Ubuntu	esm-infra/focal	*
Linux-kvm	Ubuntu	esm-infra/xenial	*
Linux-kvm	Ubuntu	focal	*
Linux-kvm	Ubuntu	groovy	*
Linux-kvm	Ubuntu	hirsute	*
Linux-kvm	Ubuntu	impish	*
Linux-kvm	Ubuntu	kinetic	*
Linux-kvm	Ubuntu	lunar	*
Linux-kvm	Ubuntu	xenial	*
Linux-laptop	Ubuntu	mantic	*
Linux-lowlatency	Ubuntu	kinetic	*
Linux-lowlatency	Ubuntu	lunar	*
Linux-lowlatency	Ubuntu	mantic	*
Linux-lowlatency	Ubuntu	oracular	*
Linux-lowlatency-hwe-5.15	Ubuntu	esm-infra/focal	*
Linux-lowlatency-hwe-5.15	Ubuntu	focal	*
Linux-lowlatency-hwe-5.19	Ubuntu	jammy	*
Linux-lowlatency-hwe-5.19	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.11	Ubuntu	noble	*
Linux-lowlatency-hwe-6.2	Ubuntu	jammy	*
Linux-lowlatency-hwe-6.2	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.5	Ubuntu	jammy	*
Linux-lts-xenial	Ubuntu	esm-infra-legacy/trusty	*
Linux-lts-xenial	Ubuntu	trusty	*
Linux-lts-xenial	Ubuntu	trusty/esm	*
Linux-nvidia-6.11	Ubuntu	noble	*
Linux-nvidia-6.2	Ubuntu	jammy	*
Linux-nvidia-6.2	Ubuntu	upstream	*
Linux-nvidia-6.5	Ubuntu	jammy	*
Linux-nvidia-tegra-5.15	Ubuntu	esm-infra/focal	*
Linux-nvidia-tegra-5.15	Ubuntu	focal	*
Linux-oem	Ubuntu	bionic	*
Linux-oem	Ubuntu	esm-infra/bionic	*
Linux-oem	Ubuntu	upstream	*
Linux-oem	Ubuntu	xenial	*
Linux-oem-5.10	Ubuntu	esm-infra/focal	*
Linux-oem-5.10	Ubuntu	focal	*
Linux-oem-5.10	Ubuntu	upstream	*
Linux-oem-5.14	Ubuntu	esm-infra/focal	*
Linux-oem-5.14	Ubuntu	focal	*
Linux-oem-5.14	Ubuntu	upstream	*
Linux-oem-5.17	Ubuntu	jammy	*
Linux-oem-5.17	Ubuntu	kinetic	*
Linux-oem-5.17	Ubuntu	upstream	*
Linux-oem-5.6	Ubuntu	esm-infra/focal	*
Linux-oem-5.6	Ubuntu	focal	*
Linux-oem-5.6	Ubuntu	upstream	*
Linux-oem-6.0	Ubuntu	jammy	*
Linux-oem-6.0	Ubuntu	upstream	*
Linux-oem-6.1	Ubuntu	jammy	*
Linux-oem-6.1	Ubuntu	upstream	*
Linux-oem-6.11	Ubuntu	noble	*
Linux-oem-6.5	Ubuntu	jammy	*
Linux-oem-6.5	Ubuntu	upstream	*
Linux-oem-6.8	Ubuntu	noble	*
Linux-oem-osp1	Ubuntu	bionic	*
Linux-oem-osp1	Ubuntu	upstream	*
Linux-oracle	Ubuntu	bionic	*
Linux-oracle	Ubuntu	esm-infra/bionic	*
Linux-oracle	Ubuntu	esm-infra/focal	*
Linux-oracle	Ubuntu	esm-infra/xenial	*
Linux-oracle	Ubuntu	focal	*
Linux-oracle	Ubuntu	groovy	*
Linux-oracle	Ubuntu	hirsute	*
Linux-oracle	Ubuntu	impish	*
Linux-oracle	Ubuntu	kinetic	*
Linux-oracle	Ubuntu	lunar	*
Linux-oracle	Ubuntu	mantic	*
Linux-oracle	Ubuntu	oracular	*
Linux-oracle	Ubuntu	plucky	*
Linux-oracle	Ubuntu	xenial	*
Linux-oracle-5.0	Ubuntu	bionic	*
Linux-oracle-5.0	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.0	Ubuntu	upstream	*
Linux-oracle-5.11	Ubuntu	esm-infra/focal	*
Linux-oracle-5.11	Ubuntu	focal	*
Linux-oracle-5.11	Ubuntu	upstream	*
Linux-oracle-5.13	Ubuntu	esm-infra/focal	*
Linux-oracle-5.13	Ubuntu	focal	*
Linux-oracle-5.13	Ubuntu	upstream	*
Linux-oracle-5.15	Ubuntu	esm-infra/focal	*
Linux-oracle-5.15	Ubuntu	focal	*
Linux-oracle-5.3	Ubuntu	bionic	*
Linux-oracle-5.3	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.3	Ubuntu	upstream	*
Linux-oracle-5.4	Ubuntu	bionic	*
Linux-oracle-5.4	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.8	Ubuntu	esm-infra/focal	*
Linux-oracle-5.8	Ubuntu	focal	*
Linux-oracle-5.8	Ubuntu	upstream	*
Linux-oracle-6.14	Ubuntu	noble	*
Linux-oracle-6.5	Ubuntu	jammy	*
Linux-oracle-6.5	Ubuntu	upstream	*
Linux-raspi	Ubuntu	esm-infra/focal	*
Linux-raspi	Ubuntu	focal	*
Linux-raspi	Ubuntu	groovy	*
Linux-raspi	Ubuntu	hirsute	*
Linux-raspi	Ubuntu	impish	*
Linux-raspi	Ubuntu	kinetic	*
Linux-raspi	Ubuntu	lunar	*
Linux-raspi	Ubuntu	mantic	*
Linux-raspi	Ubuntu	oracular	*
Linux-raspi	Ubuntu	plucky	*
Linux-raspi-5.4	Ubuntu	bionic	*
Linux-raspi-5.4	Ubuntu	esm-infra/bionic	*
Linux-raspi-realtime	Ubuntu	noble	*
Linux-raspi2	Ubuntu	bionic	*
Linux-raspi2	Ubuntu	esm-infra/focal	*
Linux-raspi2	Ubuntu	focal	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	xenial	*
Linux-raspi2-5.3	Ubuntu	bionic	*
Linux-raspi2-5.3	Ubuntu	upstream	*
Linux-realtime	Ubuntu	jammy	*
Linux-realtime	Ubuntu	noble	*
Linux-realtime	Ubuntu	oracular	*
Linux-realtime	Ubuntu	plucky	*
Linux-realtime-6.14	Ubuntu	realtime/noble	*
Linux-riscv	Ubuntu	esm-infra/focal	*
Linux-riscv	Ubuntu	focal	*
Linux-riscv	Ubuntu	groovy	*
Linux-riscv	Ubuntu	hirsute	*
Linux-riscv	Ubuntu	impish	*
Linux-riscv	Ubuntu	jammy	*
Linux-riscv	Ubuntu	kinetic	*
Linux-riscv	Ubuntu	lunar	*
Linux-riscv	Ubuntu	mantic	*
Linux-riscv	Ubuntu	noble	*
Linux-riscv	Ubuntu	oracular	*
Linux-riscv	Ubuntu	plucky	*
Linux-riscv-5.11	Ubuntu	esm-infra/focal	*
Linux-riscv-5.11	Ubuntu	focal	*
Linux-riscv-5.11	Ubuntu	upstream	*
Linux-riscv-5.15	Ubuntu	esm-infra/focal	*
Linux-riscv-5.15	Ubuntu	focal	*
Linux-riscv-5.19	Ubuntu	jammy	*
Linux-riscv-5.19	Ubuntu	upstream	*
Linux-riscv-5.8	Ubuntu	esm-infra/focal	*
Linux-riscv-5.8	Ubuntu	focal	*
Linux-riscv-5.8	Ubuntu	upstream	*
Linux-riscv-6.14	Ubuntu	noble	*
Linux-riscv-6.5	Ubuntu	jammy	*
Linux-riscv-6.5	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	bionic	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	xenial	*
Linux-starfive	Ubuntu	kinetic	*
Linux-starfive	Ubuntu	lunar	*
Linux-starfive	Ubuntu	mantic	*
Linux-starfive-5.19	Ubuntu	jammy	*
Linux-starfive-5.19	Ubuntu	upstream	*
Linux-starfive-6.2	Ubuntu	jammy	*
Linux-starfive-6.2	Ubuntu	upstream	*
Linux-starfive-6.5	Ubuntu	jammy	*
Linux-starfive-6.5	Ubuntu	upstream	*
Linux-xilinx	Ubuntu	plucky	*
Linux-xilinx-zynqmp	Ubuntu	esm-infra/focal	*
Linux-xilinx-zynqmp	Ubuntu	focal	*

Potential Mitigations

Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-26559
CWE	https://cwe.mitre.org/data/definitions/863.html

Incorrect Authorization

Weakness

Affected Software

Potential Mitigations

References