Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-16 | CVE-2023-2783 | Missing Authorization vulnerability in Mattermost. Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | 4.3 |
2023-06-16 | CVE-2023-2784 | Missing Authorization vulnerability in Mattermost. Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps, allowing a regular user to send install requests to the Apps. | 6.5 |
2023-06-16 | CVE-2023-2786 | Missing Authorization vulnerability in Mattermost. Mattermost fails to properly check the permissions when executing commands, allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | 4.3 |
2023-06-16 | CVE-2023-2787 | Missing Authorization vulnerability in Mattermost. Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | 6.5 |
2023-06-16 | CVE-2023-2791 | Missing Authorization vulnerability in Mattermost. When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | 4.3 |
2023-06-16 | CVE-2023-34165 | Missing Authorization vulnerability in Huawei HarmonyOS 2.1. Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | 5.3 |
2023-06-15 | CVE-2023-21122 | Missing Authorization vulnerability in Google Android. In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. | 7.8 |
2023-06-15 | CVE-2023-21123 | Missing Authorization vulnerability in Google Android. In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. | 7.8 |
2023-06-14 | CVE-2023-35149 | Missing Authorization vulnerability in Jenkins Digital.Ai APP Management Publisher. A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 6.5 |
2023-06-09 | CVE-2023-2189 | Missing Authorization vulnerability in Staxwp Stax. The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. | 4.3 |