Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2022-31670 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.
network
low complexity
linuxfoundation CWE-863
7.7
2024-11-14 CVE-2022-31671 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs.
network
low complexity
linuxfoundation CWE-863
7.4
2024-11-14 CVE-2024-9693 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
network
low complexity
gitlab CWE-863
8.8
2024-11-12 CVE-2024-50310 Incorrect Authorization vulnerability in Siemens Simatic CP 1543-1 Firmware
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50).
network
low complexity
siemens CWE-863
7.5
2024-11-09 CVE-2024-42000 Incorrect Authorization vulnerability in Mattermost Server
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels  which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.
network
low complexity
mattermost CWE-863
4.3
2024-11-06 CVE-2024-20537 Incorrect Authorization vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions.
network
low complexity
cisco CWE-863
6.5
2024-11-04 CVE-2024-45164 Incorrect Authorization vulnerability in Akamai Secure Internet Access Enterprise Threatavert 19.2.0.2
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page.
network
low complexity
akamai CWE-863
7.1
2024-11-01 CVE-2024-49256 Incorrect Authorization vulnerability in Wpchill Htaccess File Editor
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18.
network
low complexity
wpchill CWE-863
8.8
2024-10-29 CVE-2024-48921 Incorrect Authorization vulnerability in Nirmata Kyverno
Kyverno is a policy engine designed for Kubernetes.
network
low complexity
nirmata CWE-863
2.7
2024-10-28 CVE-2024-44217 Incorrect Authorization vulnerability in Apple Iphone OS
A permissions issue was addressed by removing vulnerable code and adding additional checks.
network
low complexity
apple CWE-863
critical
9.1