Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-15 | CVE-2022-31153 | Incorrect Authorization vulnerability in Openzeppelin Contracts 0.2.0: OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. | 6.5 |
2022-07-15 | CVE-2022-31107 | Incorrect Authorization vulnerability in multiple products: Grafana is an open-source platform for monitoring and observability. | 7.5 |
2022-07-14 | CVE-2022-2408 | Incorrect Authorization vulnerability in Mattermost: The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels. | 4.3 |
2022-07-11 | CVE-2022-31139 | Incorrect Authorization vulnerability in Unsafe Accessor Project Unsafe Accessor: UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. | 7.5 |
2022-07-11 | CVE-2022-32294 | Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15: Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). | 9.8 |
2022-07-06 | CVE-2022-32290 | Incorrect Authorization vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2: The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. | 4.3 |
2022-07-05 | CVE-2022-32310 | Incorrect Authorization vulnerability in Ingredient Stock Management System Project Ingredient Stock Management System 1.0: An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. | 9.8 |
2022-07-01 | CVE-2022-1981 | Incorrect Authorization vulnerability in Gitlab: An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. | 2.7 |
2022-07-01 | CVE-2022-1983 | Incorrect Authorization vulnerability in Gitlab: Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. | 4.3 |
2022-06-30 | CVE-2022-34782 | Incorrect Authorization vulnerability in Jenkins Requests: An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | 4.3 |