Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-26 | CVE-2023-39154 | Incorrect Authorization vulnerability in Jenkins Qualys web APP Scanning Connector Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2023-07-26 | CVE-2023-2640 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 7.8 |
2023-07-26 | CVE-2023-32629 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr. | 7.8 |
2023-07-25 | CVE-2023-38503 | Incorrect Authorization vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 6.5 |
2023-07-25 | CVE-2023-36826 | Incorrect Authorization vulnerability in Sentry Sentry is an error tracking and performance monitoring platform. | 6.5 |
2023-07-24 | CVE-2023-38058 | Incorrect Authorization vulnerability in Otrs An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to move a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | 4.3 |
2023-07-21 | CVE-2023-36339 | Incorrect Authorization vulnerability in Webboss Webboss.Io CMS An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | 7.5 |
2023-07-20 | CVE-2023-32482 | Incorrect Authorization vulnerability in Dell Wyse Management Suite Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. | 4.9 |
2023-07-18 | CVE-2023-34035 | Incorrect Authorization vulnerability in VMWare Spring Security Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints | 5.3 |
2023-07-18 | CVE-2022-26563 | Incorrect Authorization vulnerability in Tildeslash Monit An issue discovered in Tildeslash Monit before 5.31.0 allows remote attackers to gain escalated privileges due to improper PAM authorization. | 8.8 |