Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-24453 | Missing Authorization vulnerability in Jenkins Testquality Updater 1.1/1.3: A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 |
2023-01-26 | CVE-2023-24459 | Missing Authorization vulnerability in Jenkins Bearychat: A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 |
2023-01-26 | CVE-2022-3482 | Missing Authorization vulnerability in Gitlab: An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only. | 5.3 |
2023-01-19 | CVE-2023-0404 | Missing Authorization vulnerability in E-Dynamics Events Made Easy: The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. | 5.4 |
2023-01-18 | CVE-2023-0242 | Missing Authorization vulnerability in Rapid7 Velociraptor: Rapid7 Velociraptor allows users to be created with different privileges on the server. | 8.8 |
2023-01-18 | CVE-2022-41417 | Missing Authorization vulnerability in Blogengine Blogengine.Net 3.3.8.0: BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | 9.8 |
2023-01-18 | CVE-2020-22007 | Missing Authorization vulnerability in Okerthai G955V1 Firmware 1.03.02.20161128: OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128 allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges. | 6.8 |
2023-01-17 | CVE-2018-14628 | Missing Authorization vulnerability in multiple products: An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
2023-01-14 | CVE-2023-22478 | Missing Authorization vulnerability in Fit2Cloud Kubepi: KubePi is a modern Kubernetes panel. | 7.5 |
2023-01-13 | CVE-2023-22489 | Missing Authorization vulnerability in Flarum: Flarum is a discussion platform for websites. | 3.5 |