Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-5159 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2.7 |
| 2023-09-29 | CVE-2023-5193 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | 2.7 |
| 2023-09-29 | CVE-2023-5194 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | 4.3 |
| 2023-09-29 | CVE-2023-5195 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of | 5.4 |
| 2023-09-29 | CVE-2023-3920 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. | 4.3 |
| 2023-09-27 | CVE-2023-41078 | Incorrect Authorization vulnerability in Apple Macos An authorization issue was addressed with improved state management. | 5.5 |
| 2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
| 2023-09-19 | CVE-2022-47553 | Incorrect Authorization vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server. | 7.5 |
| 2023-09-14 | CVE-2023-4814 | Incorrect Authorization vulnerability in Trellix Data Loss Prevention 11.10.100.17 A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | 7.1 |
| 2023-09-13 | CVE-2023-20190 | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. | 5.3 |