DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-31 | CVE-2022-45172 | Incorrect Authorization vulnerability in Liveboxcloud vDesk: An issue was discovered in LIVEBOX Collaboration vDesk before v018. | 9.8 |
2023-01-31 | CVE-2022-45435 | Incorrect Authorization vulnerability in SailPoint IdentityIQ: IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | 6.5 |
2023-01-20 | CVE-2023-20018 | Incorrect Authorization vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 6.5 |
2023-01-17 | CVE-2022-23739 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | 9.8 |
2023-01-14 | CVE-2023-22480 | Incorrect Authorization vulnerability in Fit2Cloud KubeOperator: KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. | 9.8 |
2023-01-13 | CVE-2023-0091 | Incorrect Authorization vulnerability in Red Hat Keycloak: A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. | 3.8 |
2023-01-12 | CVE-2022-4167 | Incorrect Authorization vulnerability in GitLab: Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them. | 7.5 |
2023-01-11 | CVE-2023-22945 | Incorrect Authorization vulnerability in multiple products: In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 4.3 |
2023-01-09 | CVE-2015-10033 | Incorrect Authorization vulnerability in MerlinsBoard Project MerlinsBoard: A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. | 6.5 |
2023-01-09 | CVE-2022-46258 | Incorrect Authorization vulnerability in GitHub Enterprise Server: An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. | 6.5 |