Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-11-28 CVE-2022-24189 Incorrect Authorization vulnerability in Sz-Fujia Ourphoto 1.4.1
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly.
network
low complexity
sz-fujia CWE-863
6.5
2022-11-28 CVE-2022-41944 Incorrect Authorization vulnerability in Discourse
Discourse is an open-source discussion platform.
network
low complexity
discourse CWE-863
4.3
2022-11-23 CVE-2022-41923 Incorrect Authorization vulnerability in Grails Spring Security Core
Grails Spring Security Core plugin is vulnerable to privilege escalation.
network
low complexity
grails CWE-863
critical
9.8
2022-11-17 CVE-2022-36785 Incorrect Authorization vulnerability in Dlink G Integrated Access Device4 Firmware 1.0
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A.
network
low complexity
dlink CWE-863
7.5
2022-11-15 CVE-2022-20928 Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow.
network
low complexity
cisco CWE-863
5.8
2022-11-15 CVE-2022-45383 Incorrect Authorization vulnerability in Jenkins Support Core
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
network
low complexity
jenkins CWE-863
6.5
2022-11-15 CVE-2022-42978 Incorrect Authorization vulnerability in Atlassian Confluence Data Center
In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled.
network
low complexity
atlassian CWE-863
7.5
2022-11-14 CVE-2022-39385 Incorrect Authorization vulnerability in Discourse
Discourse is the an open source discussion platform.
network
low complexity
discourse CWE-863
6.5
2022-11-10 CVE-2022-39388 Incorrect Authorization vulnerability in Istio 1.15.0/1.15.1/1.15.2
Istio is an open platform to connect, manage, and secure microservices.
low complexity
istio CWE-863
3.5
2022-11-10 CVE-2022-3819 Incorrect Authorization vulnerability in Gitlab
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.
network
low complexity
gitlab CWE-863
4.3