Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-17 | CVE-2023-3582 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost fails to verify channel membership when linking a board to a channel, allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to. | 4.3 |
2023-07-17 | CVE-2023-3584 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme. | 3.1 |
2023-07-17 | CVE-2023-3586 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible. | 5.4 |
2023-07-17 | CVE-2023-3590 | Incorrect Authorization vulnerability in Mattermost Server 7.10.0/7.10.1/7.10.2. Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | 7.5 |
2023-07-17 | CVE-2023-3613 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default. | 3.5 |
2023-07-13 | CVE-2023-3444 | Incorrect Authorization vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches. | 6.5 |
2023-07-07 | CVE-2023-36994 | Incorrect Authorization vulnerability in Travianz Project Travianz 8.3.3/8.3.4. In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | 9.8 |
2023-07-06 | CVE-2022-48508 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos. Inappropriate authorization vulnerability in the system apps. | 7.5 |
2023-07-06 | CVE-2022-46080 | Incorrect Authorization vulnerability in Nexxtsolutions Nebula1200-Ac Firmware 15.03.06.60. Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. | 9.8 |
2023-07-06 | CVE-2023-29656 | Incorrect Authorization vulnerability in Darktrace Threat Visualizer 6.0.0. An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. | 6.1 |