Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-17 | CVE-2022-30954 | Missing Authorization vulnerability in Jenkins Blue Ocean: Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | 6.5 |
2022-05-17 | CVE-2022-30955 | Missing Authorization vulnerability in Jenkins Gitlab: Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
2022-05-17 | CVE-2022-30957 | Missing Authorization vulnerability in Jenkins SSH: A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-05-17 | CVE-2022-30959 | Missing Authorization vulnerability in Jenkins SSH: A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-05-13 | CVE-2021-33013 | Missing Authorization vulnerability in Myscada Mypro 7/7.0.26: mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information. | 7.5 |
2022-05-12 | CVE-2022-30594 | Missing Authorization vulnerability in multiple products: The Linux kernel before 5.17.2 mishandles seccomp permissions. | 7.8 |
2022-05-11 | CVE-2022-29611 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap: SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2022-05-10 | CVE-2021-39738 | Missing Authorization vulnerability in Google Android: In CarSetings, there is a possible way to pair a BT device, bypassing the user's consent, due to a missing permission check. | 7.2 |
2022-05-10 | CVE-2022-20121 | Missing Authorization vulnerability in Google Android: In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. | 2.1 |
2022-05-10 | CVE-2022-1442 | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder: The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file, which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | 7.5 |