Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-1000420 | Incorrect Authorization vulnerability in Apache Mesos An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | 6.5 |
| 2019-01-09 | CVE-2018-1000418 | Incorrect Authorization vulnerability in Atlassian Hipchat An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-01-09 | CVE-2018-1000412 | Incorrect Authorization vulnerability in Jenkins Jira An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-01-08 | CVE-2019-0552 | Incorrect Authorization vulnerability in Microsoft products An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-12-28 | CVE-2018-7366 | Incorrect Authorization vulnerability in ZTE Zxv10 B860Av2.1 Chinamobile Firmware ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | 6.8 |
| 2018-12-24 | CVE-2018-15465 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. | 8.1 |
| 2018-12-19 | CVE-2018-17195 | Incorrect Authorization vulnerability in Apache Nifi The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. | 7.5 |
| 2018-12-14 | CVE-2018-20147 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. | 6.5 |
| 2018-12-13 | CVE-2018-15774 | Incorrect Authorization vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. | 8.8 |
| 2018-12-13 | CVE-2018-15754 | Incorrect Authorization vulnerability in Pivotal Software Cloud Foundry Uaa-Release Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. | 8.8 |