Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-2117 | Incorrect Default Permissions vulnerability in Jenkins Pipeline Github Notify Step A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
| 2020-02-07 | CVE-2019-14002 | Incorrect Default Permissions vulnerability in Qualcomm products APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 | 7.8 |
| 2020-02-06 | CVE-2019-20106 | Incorrect Default Permissions vulnerability in Atlassian products Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | 4.3 |
| 2020-02-05 | CVE-2020-7977 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | 5.3 |
| 2020-02-05 | CVE-2020-7972 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | 7.5 |
| 2020-02-05 | CVE-2020-7967 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | 4.3 |
| 2020-02-05 | CVE-2020-8114 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 9.8 |
| 2020-02-05 | CVE-2020-7979 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 5.3 |
| 2020-01-30 | CVE-2020-5231 | Incorrect Default Permissions vulnerability in Apereo Opencast In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. | 6.5 |
| 2020-01-27 | CVE-2014-7303 | Incorrect Default Permissions vulnerability in HP SGI Tempo SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | 7.8 |