Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-22 | CVE-2017-0920 | Incorrect Authorization vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. | 4.3 |
2018-03-21 | CVE-2017-0927 | Incorrect Authorization vulnerability in Gitlab Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. | 6.5 |
2018-03-21 | CVE-2017-0926 | Incorrect Authorization vulnerability in multiple products Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. | 8.8 |
2018-03-21 | CVE-2017-0922 | Incorrect Authorization vulnerability in Gitlab Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | 7.5 |
2018-03-20 | CVE-2017-17668 | Incorrect Authorization vulnerability in NCR S1 Dispenser Controller Firmware Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. | 7.5 |
2018-03-13 | CVE-2018-1057 | Incorrect Authorization vulnerability in multiple products On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | 8.8 |
2018-03-13 | CVE-2018-1000114 | Incorrect Authorization vulnerability in Jenkins Promoted Builds An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | 4.3 |
2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
2018-03-13 | CVE-2018-1000111 | Incorrect Authorization vulnerability in Jenkins Subversion An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
2018-03-13 | CVE-2018-1000110 | Incorrect Authorization vulnerability in Jenkins GIT An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |