Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2021-03-24 CVE-2021-22176 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting with 3.0.1.
network
low complexity
gitlab CWE-863
4.3
2021-03-23 CVE-2021-28824 Incorrect Authorization vulnerability in Tibco Activespaces
The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-863
8.8
2021-03-23 CVE-2021-28823 Incorrect Authorization vulnerability in Tibco Eftl
The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-863
7.8
2021-03-23 CVE-2021-28821 Incorrect Authorization vulnerability in Tibco Enterprise Message Service 8.5.1
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-863
7.8
2021-03-23 CVE-2021-28819 Incorrect Authorization vulnerability in Tibco FTL
The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-863
7.8
2021-03-22 CVE-2021-28146 Incorrect Authorization vulnerability in Grafana
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue.
network
low complexity
grafana CWE-863
6.5
2021-03-18 CVE-2021-28791 Incorrect Authorization vulnerability in Swiftformat Project Swiftformat
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.
local
low complexity
swiftformat-project CWE-863
7.8
2021-03-18 CVE-2021-21624 Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
network
low complexity
jenkins CWE-863
4.3
2021-03-18 CVE-2021-21623 Incorrect Authorization vulnerability in Jenkins Matrix Authorization Strategy
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
network
low complexity
jenkins CWE-863
6.5
2021-03-18 CVE-2021-28681 Incorrect Authorization vulnerability in Webrtc Project Webrtc
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed.
network
low complexity
webrtc-project CWE-863
5.3