DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-09-16 | CVE-2020-2258 | Incorrect Authorization vulnerability in Jenkins Health Advisor BY Cloudbees | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | 4.3 |
2020-09-14 | CVE-2020-15590 | Incorrect Authorization vulnerability in Privateinternetaccess Private Internet Access VPN Client 1.5.0 | A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. | 7.5 |
2020-09-14 | CVE-2020-13313 | Incorrect Authorization vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 4.3 |
2020-09-14 | CVE-2020-13300 | Incorrect Authorization vulnerability in Gitlab 13.3.0/13.3.1/13.3.2 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 10.0 |
2020-09-14 | CVE-2020-13284 | Incorrect Authorization vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 6.5 |
2020-09-13 | CVE-2020-25284 | Incorrect Authorization vulnerability in multiple products | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | 4.1 |
2020-09-04 | CVE-2020-3530 | Incorrect Authorization vulnerability in Cisco IOS XR | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. | 8.4 |
2020-09-04 | CVE-2020-3473 | Incorrect Authorization vulnerability in Cisco IOS XR | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. | 7.8 |
2020-09-04 | CVE-2020-24941 | Incorrect Authorization vulnerability in Laravel | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. | 7.5 |
2020-09-03 | CVE-2020-5418 | Incorrect Authorization vulnerability in Cloudfoundry Capi-Release | Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | 4.3 |