Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-34785 | Incorrect Authorization vulnerability in Jenkins Build-Metrics Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. | 4.3 |
| 2022-06-30 | CVE-2022-34814 | Incorrect Authorization vulnerability in Jenkins Request Rename or Delete Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 4.3 |
| 2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | 6.5 |
| 2022-06-29 | CVE-2022-32532 | Incorrect Authorization vulnerability in Apache Shiro Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. | 9.8 |
| 2022-06-27 | CVE-2022-31087 | Incorrect Authorization vulnerability in multiple products LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 7.8 |
| 2022-06-27 | CVE-2022-31039 | Incorrect Authorization vulnerability in Bigbluebutton Greenlight Greenlight is a simple front-end interface for your BigBlueButton server. | 5.3 |
| 2022-06-24 | CVE-2022-1746 | Incorrect Authorization vulnerability in Dominionvoting Imagecast X 5.5.10.30/5.5.10.32 The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. | 7.6 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2022-06-23 | CVE-2022-34180 | Incorrect Authorization vulnerability in Jenkins Embeddable Build Status Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 |
| 2022-06-20 | CVE-2017-20066 | Incorrect Authorization vulnerability in Adminer Login Project Adminer Login 1.4.4 A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. | 7.8 |