Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-10-09 CVE-2023-45369 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
network
low complexity
mediawiki CWE-732
4.3
4.3
2023-10-09 CVE-2023-45364 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1.
network
low complexity
mediawiki debian CWE-732
5.3
5.3
2023-10-06 CVE-2023-36465 Incorrect Permission Assignment for Critical Resource vulnerability in Decidim
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website.
network
low complexity
decidim CWE-732
7.1
7.1
2023-09-29 CVE-2023-5077 Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets.
network
low complexity
hashicorp CWE-732
7.5
7.5
2023-09-27 CVE-2023-20254 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Sd-Wan Manager
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance.
network
low complexity
cisco CWE-732
8.8
8.8
2023-09-27 CVE-2023-4565 Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos
Broadcast permission control vulnerability in the framework module.
network
low complexity
huawei CWE-732
5.3
5.3
2023-09-25 CVE-2023-41295 Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos
Vulnerability of improper permission management in the displayengine module.
network
low complexity
huawei CWE-732
5.3
5.3
2023-09-12 CVE-2023-32005 Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API.
network
low complexity
nodejs CWE-732
5.3
5.3
2023-09-08 CVE-2023-4777 Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. 
network
low complexity
qualys CWE-732
4.3
4.3
2023-09-01 CVE-2023-3915 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1.
network
low complexity
gitlab CWE-732
7.2
7.2