Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-03-22 CVE-2017-0920 Incorrect Authorization vulnerability in Gitlab
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
network
low complexity
gitlab CWE-863
4.3
2018-03-21 CVE-2017-0927 Incorrect Authorization vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
network
low complexity
gitlab CWE-863
6.5
2018-03-21 CVE-2017-0926 Incorrect Authorization vulnerability in multiple products
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
network
low complexity
gitlab debian CWE-863
8.8
2018-03-21 CVE-2017-0922 Incorrect Authorization vulnerability in Gitlab
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
network
low complexity
gitlab CWE-863
7.5
2018-03-20 CVE-2017-17668 Incorrect Authorization vulnerability in NCR S1 Dispenser Controller Firmware
Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
network
low complexity
ncr CWE-863
7.5
2018-03-13 CVE-2018-1057 Incorrect Authorization vulnerability in multiple products
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
network
low complexity
debian canonical samba CWE-863
8.8
2018-03-13 CVE-2018-1000114 Incorrect Authorization vulnerability in Jenkins Promoted Builds
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
network
low complexity
jenkins CWE-863
4.3
2018-03-13 CVE-2018-1000112 Incorrect Authorization vulnerability in Jenkins Mercurial
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
2018-03-13 CVE-2018-1000111 Incorrect Authorization vulnerability in Jenkins Subversion
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
2018-03-13 CVE-2018-1000110 Incorrect Authorization vulnerability in Jenkins GIT
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3