Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-10-21 CVE-2022-1070 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.
network
high complexity
aethon CWE-862
8.1
2022-10-21 CVE-2022-26423 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.
network
low complexity
aethon CWE-862
7.5
2022-10-19 CVE-2022-43413 Missing Authorization vulnerability in Jenkins JOB Import
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-10-19 CVE-2022-43417 Missing Authorization vulnerability in Jenkins Katalon
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-10-19 CVE-2022-43421 Missing Authorization vulnerability in Jenkins Tuleap GIT Branch Source
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.
network
low complexity
jenkins CWE-862
5.3
2022-10-19 CVE-2022-43427 Missing Authorization vulnerability in Jenkins Compuware Topaz for Total Test
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-10-19 CVE-2022-43431 Missing Authorization vulnerability in Jenkins Compuware Strobe Measurement
Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-10-19 CVE-2022-39233 Missing Authorization vulnerability in Enalean Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration.
network
low complexity
enalean CWE-862
5.4
2022-10-17 CVE-2022-3082 Missing Authorization vulnerability in Miniorange Discord Integration
The miniOrange Discord Integration WordPress plugin before 2.1.6 lacks authorisation and CSRF checks in some of its AJAX actions, allowing any logged-in user, such as a subscriber, to call them and, for example, disable the app.
network
low complexity
miniorange CWE-862
6.5
2022-10-17 CVE-2022-3244 Missing Authorization vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 lacks authorisation checks in some places, which could allow any authenticated user to access some of the plugin's features if they manage to obtain the related nonce.
network
high complexity
smackcoders CWE-862
4.2