Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-32979 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Email Extension Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | 4.3 |
| 2023-05-16 | CVE-2023-32986 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins File Parameters Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 8.8 |
| 2023-05-12 | CVE-2023-28522 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1 IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. | 8.8 |
| 2023-05-11 | CVE-2023-31445 | Incorrect Permission Assignment for Critical Resource vulnerability in Cassianetworks Access Controller 2.0.1 Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | 5.3 |
| 2023-05-10 | CVE-2022-38103 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC Software Studio Service Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | 7.8 |
| 2023-05-10 | CVE-2022-41658 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Vtune Profiler Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-05-10 | CVE-2022-41699 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Quickassist Technology 1.6 Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-05-10 | CVE-2022-41771 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Quickassist Technology 1.6 Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2023-05-10 | CVE-2022-46656 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC PRO Software Suite Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-05-08 | CVE-2023-2478 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. | 6.5 |