Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS BASE SCORE) |
---|---|---|---|
2023-07-13 | CVE-2023-3444 | Incorrect Authorization vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, and all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches. | 6.5 |
2023-07-12 | CVE-2023-30428 | Incorrect Authorization vulnerability in Apache Pulsar. Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's REST Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, and 2.11.0. The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. | 8.1 |
2023-07-12 | CVE-2023-30429 | Incorrect Authorization vulnerability in Apache Pulsar. Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy, where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions. | 8.8 |
2023-07-12 | CVE-2023-35908 | Incorrect Authorization vulnerability in Apache Airflow. Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. | 6.5 |
2023-07-12 | CVE-2023-37579 | Incorrect Authorization vulnerability in Apache Pulsar. Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. | 6.5 |
2023-07-07 | CVE-2023-36994 | Incorrect Authorization vulnerability in Travianz Project Travianz 8.3.3/8.3.4. In TravianZ 8.3.4 and 8.3.3, incorrect access control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | 9.8 |
2023-07-06 | CVE-2022-48508 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos. Inappropriate authorization vulnerability in the system apps. | 7.5 |
2023-07-06 | CVE-2022-46080 | Incorrect Authorization vulnerability in Nexxtsolutions Nebula1200-Ac Firmware 15.03.06.60. Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. | 9.8 |
2023-07-06 | CVE-2023-29656 | Incorrect Authorization vulnerability in Darktrace Threat Visualizer 6.0.0. An improper authorization vulnerability in the Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. | 6.1 |
2023-07-05 | CVE-2023-35939 | Incorrect Authorization vulnerability in Glpi-Project Glpi. GLPI is a free asset and IT management software package. | 8.1 |
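The two Pulsar entries CVE-2023-30428 and CVE-2023-30429 above describe one class of mistake from two sides: a service that authorizes on a role the caller merely named in a request header, and a service that authorizes on the role of the hop it is talking to (the proxy, proven by mTLS) instead of the end client the proxy is acting for. The following is an added example, not code from Apache Pulsar or from any project in the table; the header name, role names, topics and ACL are constructed for illustration. It models both faulty checks beside a hardened resolver that accepts a forwarded principal only from a trusted proxy role, requires such a proxy to name a principal, and refuses to let a proxy role itself be forwarded as the client identity.

```python
"""Model of proxy-role and header-role authorization mistakes (added example).

Not Pulsar code: the policy below is constructed for the demonstration.
"""
from dataclasses import dataclass, field

# Hypothetical deployment policy.
TRUSTED_PROXY_ROLES = {"proxy"}         # roles allowed to vouch for an end client
SUPERUSER_ROLES = {"admin", "proxy"}    # proxy deployed as superuser: the setup the advisory warns about
ACL = {"orders-writer": {"orders"}}     # role -> topics it may produce to
ORIGINAL_PRINCIPAL_HEADER = "X-Original-Principal"   # hypothetical header name


@dataclass
class Request:
    peer_role: str                        # identity proven by the TLS client cert on this hop
    topic: str
    headers: dict = field(default_factory=dict)


def role_may_produce(role: str, topic: str) -> bool:
    """Plain ACL lookup; superusers may produce anywhere."""
    return role in SUPERUSER_ROLES or topic in ACL.get(role, set())


def authorize_rest_vulnerable(req: Request) -> bool:
    """CVE-2023-30428 pattern: a forwarded-principal header is honoured from
    any peer, so a directly connected client can name a role it does not hold."""
    role = req.headers.get(ORIGINAL_PRINCIPAL_HEADER, req.peer_role)
    return role_may_produce(role, req.topic)


def authorize_worker_vulnerable(req: Request) -> bool:
    """CVE-2023-30429 pattern: the forwarded principal is ignored and the hop's
    own role is authorized, so every client behind a superuser proxy is a superuser."""
    return role_may_produce(req.peer_role, req.topic)


def resolve_client_role(req: Request):
    """Return the role that must be authorized, or None to reject the request.

    Only a trusted proxy may present a forwarded principal, it must present one,
    and it may not forward a proxy role (which would let it launder its own
    superuser rights through the client slot).
    """
    forwarded = req.headers.get(ORIGINAL_PRINCIPAL_HEADER)
    if req.peer_role in TRUSTED_PROXY_ROLES:
        if not forwarded or forwarded in TRUSTED_PROXY_ROLES:
            return None
        return forwarded
    # Direct connection: the peer is the client. A forwarded-principal header
    # here is an impersonation attempt, so reject rather than silently ignore.
    if forwarded is not None:
        return None
    return req.peer_role


def authorize_hardened(req: Request) -> bool:
    """Authorize the resolved end-client role, never the proxy's."""
    role = resolve_client_role(req)
    return role is not None and role_may_produce(role, req.topic)


if __name__ == "__main__":
    # Constructed scenarios.
    header_spoof = Request("guest", "billing", {ORIGINAL_PRINCIPAL_HEADER: "admin"})
    behind_proxy = Request("proxy", "billing", {ORIGINAL_PRINCIPAL_HEADER: "guest"})
    legit_proxy = Request("proxy", "orders", {ORIGINAL_PRINCIPAL_HEADER: "orders-writer"})
    print("header spoof, vulnerable REST check :", authorize_rest_vulnerable(header_spoof))
    print("header spoof, hardened              :", authorize_hardened(header_spoof))
    print("guest via superuser proxy, vulnerable worker:", authorize_worker_vulnerable(behind_proxy))
    print("guest via superuser proxy, hardened         :", authorize_hardened(behind_proxy))
    print("orders-writer via proxy, hardened           :", authorize_hardened(legit_proxy))
```

The hardened path authorizes the same ACL as the vulnerable ones; what changes is only whose role reaches the ACL. That is why the advisory singles out proxies configured with a superuser role: in the vulnerable worker check, the proxy's privilege is what every client inherits.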