Vulnerabilities > Missing Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-03-16 | CVE-2021-39706 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 | In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. | network | | google | CWE-862 | 9.3 (critical) |
| 2022-03-16 | CVE-2021-39734 | Missing Authorization vulnerability in Google Android | In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. | local | low | google | CWE-862 | 4.6 |
| 2022-03-15 | CVE-2022-27199 | Missing Authorization vulnerability in Jenkins Cloudbees AWS Credentials | A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | network | low | jenkins | CWE-862 | 4.3 |
| 2022-03-15 | CVE-2022-27205 | Missing Authorization vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | network | low | jenkins | CWE-862 | 4.3 |
| 2022-03-15 | CVE-2022-27209 | Missing Authorization vulnerability in Jenkins Kubernetes Continuous Deploy | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | network | low | jenkins | CWE-862 | 6.5 |
| 2022-03-15 | CVE-2022-27211 | Missing Authorization vulnerability in Jenkins Kubernetes Continuous Deploy | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low | jenkins | CWE-862 | 6.5 |
| 2022-03-15 | CVE-2022-27215 | Missing Authorization vulnerability in Jenkins Release Helper | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | network | low | jenkins | CWE-862 | 4.3 |
| 2022-03-14 | CVE-2021-24950 | Missing Authorization vulnerability in Thememove Insight Core 1.0 | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. | network | | thememove | CWE-862 | 3.5 |
| 2022-03-11 | CVE-2021-32472 | Missing Authorization vulnerability in Moodle | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. | network | low | moodle | CWE-862 | 4.3 |
| 2022-03-11 | CVE-2021-32477 | Missing Authorization vulnerability in Moodle | The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). | network | low | moodle | CWE-862 | 4.0 |