Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-20 | CVE-2017-17668 | Incorrect Authorization vulnerability in NCR S1 Dispenser Controller Firmware Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. | 7.8 |
| 2018-03-13 | CVE-2018-1057 | Incorrect Authorization vulnerability in multiple products On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | 6.5 |
| 2018-03-13 | CVE-2018-1000114 | Incorrect Authorization vulnerability in Jenkins Promoted Builds An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | 4.0 |
| 2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000111 | Incorrect Authorization vulnerability in Jenkins Subversion An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000110 | Incorrect Authorization vulnerability in Jenkins GIT An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000109 | Incorrect Authorization vulnerability in Jenkins Google-Play-Android-Publisher An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. | 4.0 |
| 2018-03-13 | CVE-2018-1000107 | Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | 4.0 |
| 2018-03-13 | CVE-2018-1000106 | Incorrect Authorization vulnerability in Jenkins Gerrit Trigger An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. | 5.5 |
| 2018-03-13 | CVE-2018-1000105 | Incorrect Authorization vulnerability in Jenkins Gerrit Trigger An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. | 4.0 |