Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-15 | CVE-2022-25195 | Missing Authorization vulnerability in Jenkins Autonomiq A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-02-15 | CVE-2022-25199 | Missing Authorization vulnerability in Jenkins SCP Publisher 1.8 A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25201 | Missing Authorization vulnerability in Jenkins Checkmarx Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-02-15 | CVE-2022-25206 | Missing Authorization vulnerability in Jenkins Dbcharts 0.4/0.5.2 A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-25208 | Missing Authorization vulnerability in Jenkins Chef Sinatra A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | 8.8 |
2022-02-15 | CVE-2022-25211 | Missing Authorization vulnerability in Jenkins Swamp A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | 8.8 |
2022-02-15 | CVE-2022-0588 | Missing Authorization vulnerability in Librenms Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | 6.5 |
2022-02-14 | CVE-2022-0579 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | 6.5 |
2022-02-14 | CVE-2022-22854 | Missing Authorization vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | 6.5 |
2022-02-14 | CVE-2021-25014 | Missing Authorization vulnerability in Vowelweb Ibtana The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue. | 3.5 |