Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-19 | CVE-2018-0269 | Incorrect Authorization vulnerability in Cisco Digital Network Architecture Center 1.1 A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. | 4.3 |
2018-04-18 | CVE-2018-7245 | Incorrect Authorization vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 9.1 |
2018-04-18 | CVE-2017-12196 | Incorrect Authorization vulnerability in Redhat products undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable: when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in the HTTP request line. | 5.9 |
2018-04-11 | CVE-2017-2599 | Incorrect Authorization vulnerability in Jenkins Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. | 5.4 |
2018-04-05 | CVE-2018-1000152 | Incorrect Authorization vulnerability in Jenkins Vsphere An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection"). | 6.3 |
2018-03-30 | CVE-2017-1766 | Incorrect Authorization vulnerability in IBM Business Process Manager Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. | 4.3 |
2018-03-22 | CVE-2017-0920 | Incorrect Authorization vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component, resulting in an attacker being able to see every project name and its respective namespace on a GitLab instance. | 4.3 |
2018-03-21 | CVE-2017-0927 | Incorrect Authorization vulnerability in Gitlab Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. | 6.5 |
2018-03-21 | CVE-2017-0926 | Incorrect Authorization vulnerability in multiple products Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component resulting in unauthorized user login. | 8.8 |
2018-03-21 | CVE-2017-0922 | Incorrect Authorization vulnerability in Gitlab Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | 7.5 |