Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-11 | CVE-2022-31139 | Incorrect Authorization vulnerability in Unsafe Accessor Project Unsafe Accessor UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. | 7.5 |
| 2022-07-11 | CVE-2022-32294 | Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15 Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). | 9.8 |
| 2022-07-06 | CVE-2022-32290 | Incorrect Authorization vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. | 4.3 |
| 2022-07-05 | CVE-2022-32310 | Incorrect Authorization vulnerability in Ingredient Stock Management System Project Ingredient Stock Management System 1.0 An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. | 9.8 |
| 2022-07-01 | CVE-2022-1981 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. | 2.7 |
| 2022-07-01 | CVE-2022-1983 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | 4.3 |
| 2022-06-30 | CVE-2022-34782 | Incorrect Authorization vulnerability in Jenkins Requests An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 4.3 |
| 2022-06-30 | CVE-2022-34785 | Incorrect Authorization vulnerability in Jenkins Build-Metrics Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | 4.3 |
| 2022-06-30 | CVE-2022-34814 | Incorrect Authorization vulnerability in Jenkins Request Rename or Delete Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 4.3 |
| 2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | 6.5 |