Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36891 | Missing Authorization vulnerability in Jenkins Deployer Framework A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | 4.3 |
| 2022-07-27 | CVE-2022-36892 | Missing Authorization vulnerability in Jenkins Rhnpush-Plugin Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
| 2022-07-27 | CVE-2022-36893 | Missing Authorization vulnerability in Jenkins Rpmsign-Plugin Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
| 2022-07-27 | CVE-2022-36895 | Missing Authorization vulnerability in Jenkins Compuware Topaz Utilities A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-07-27 | CVE-2022-36896 | Missing Authorization vulnerability in Jenkins Compuware Source Code Download for Endevor, Pds, and Ispw 2.0.12 A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2022-07-27 | CVE-2022-36897 | Missing Authorization vulnerability in Jenkins Compuware Xpediter Code Coverage A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-07-27 | CVE-2022-36898 | Missing Authorization vulnerability in Jenkins Compuware Ispw Operations A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-07-27 | CVE-2022-36903 | Missing Authorization vulnerability in Jenkins Repository Connector A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-07-27 | CVE-2022-36904 | Missing Authorization vulnerability in Jenkins Repository Connector Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
| 2022-07-27 | CVE-2022-36907 | Missing Authorization vulnerability in Jenkins Openshift Deployer A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 |