Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-15	CVE-2022-25195	Missing Authorization vulnerability in Jenkins Autonomiq A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. network low complexity jenkins CWE-862	4.3
2022-02-15	CVE-2022-25199	Missing Authorization vulnerability in Jenkins SCP Publisher 1.8 A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-25201	Missing Authorization vulnerability in Jenkins Checkmarx Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2022-02-15	CVE-2022-25206	Missing Authorization vulnerability in Jenkins Dbcharts 0.4/0.5.2 A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-25208	Missing Authorization vulnerability in Jenkins Chef Sinatra A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-25211	Missing Authorization vulnerability in Jenkins Swamp A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-0588	Missing Authorization vulnerability in Librenms Missing Authorization in Packagist librenms/librenms prior to 22.2.0. network low complexity librenms CWE-862	6.5
2022-02-14	CVE-2022-0579	Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. network low complexity snipeitapp CWE-862	6.5
2022-02-14	CVE-2022-22854	Missing Authorization vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. network low complexity hospital-s-patient-records-management-system-project CWE-862	6.5
2022-02-14	CVE-2021-25014	Missing Authorization vulnerability in Vowelweb Ibtana The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue. network vowelweb CWE-862	3.5

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization