Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-30 | CVE-2021-39751 | Missing Authorization vulnerability in Google Android 12.1: In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. | 2.1 |
2022-03-30 | CVE-2021-39753 | Missing Authorization vulnerability in Google Android 12.1: In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. | 2.1 |
2022-03-30 | CVE-2021-39758 | Missing Authorization vulnerability in Google Android 12.1: In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. | 4.6 |
2022-03-30 | CVE-2021-39768 | Missing Authorization vulnerability in Google Android 12.1: In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. | 4.4 |
2022-03-30 | CVE-2022-20002 | Missing Authorization vulnerability in Google Android 12.1: In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. | 7.8 |
2022-03-29 | CVE-2022-28134 | Missing Authorization vulnerability in Jenkins Bitbucket Server Integration: Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | 5.4 |
2022-03-29 | CVE-2022-28137 | Missing Authorization vulnerability in Jenkins Jiratestresultreporter: A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-03-29 | CVE-2022-28139 | Missing Authorization vulnerability in Jenkins Rocketchat Notifier: A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-03-29 | CVE-2022-28144 | Missing Authorization vulnerability in Jenkins Proxmox: Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 |
2022-03-29 | CVE-2022-28147 | Missing Authorization vulnerability in Jenkins Continuous Integration With Toad Edge: A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |