Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-07-27 CVE-2022-36909 Missing Authorization vulnerability in Jenkins Openshift Deployer
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.
network
low complexity
jenkins CWE-862
6.5
6.5
2022-07-27 CVE-2022-36910 Missing Authorization vulnerability in Jenkins Lucene-Search 370.V62A5F618Cd3A
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.
network
low complexity
jenkins CWE-862
5.4
5.4
2022-07-27 CVE-2022-36912 Missing Authorization vulnerability in Jenkins Openstack Heat 1.5
A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36913 Missing Authorization vulnerability in Jenkins Openstack Heat 1.5
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36914 Missing Authorization vulnerability in Jenkins Files Found Trigger
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36915 Missing Authorization vulnerability in Jenkins Android Signing 2.2.5
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36917 Missing Authorization vulnerability in Jenkins Google Cloud Backup 0.6
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36918 Missing Authorization vulnerability in Jenkins Buckminster 1.1.1
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36919 Missing Authorization vulnerability in Jenkins Coverity
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
4.3
2022-07-27 CVE-2022-36921 Missing Authorization vulnerability in Jenkins Coverity
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
8.1
8.1