Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-29 | CVE-2022-28151 | Missing Authorization vulnerability in Jenkins JOB and Node Ownership A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | 4.3 |
2022-03-29 | CVE-2022-28158 | Missing Authorization vulnerability in Jenkins Pipeline: Phoenix Autotest A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
2022-03-28 | CVE-2022-27658 | Missing Authorization vulnerability in SAP Innovation Management 2.0 Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 4.3 |
2022-03-28 | CVE-2021-24978 | Missing Authorization vulnerability in B4After Osmapper 2.1.5 The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. | 5.3 |
2022-03-28 | CVE-2022-0833 | Missing Authorization vulnerability in Church Admin Project Church Admin The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data | 4.3 |
2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. | 5.0 |
2022-03-23 | CVE-2022-24768 | Missing Authorization vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 8.8 |
2022-03-22 | CVE-2022-21718 | Missing Authorization vulnerability in Electronjs Electron Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. | 5.0 |
2022-03-21 | CVE-2022-0229 | Missing Authorization vulnerability in Miniorange Google Authenticator The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. | 8.1 |
2022-03-16 | CVE-2021-39697 | Missing Authorization vulnerability in Google Android 11.0/12.0 In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. | 7.2 |