Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-30 | CVE-2022-34794 | Missing Authorization vulnerability in Jenkins Recipe 1.0/1.1/1.2. Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | 6.5 |
2022-06-30 | CVE-2022-34796 | Missing Authorization vulnerability in Jenkins Deployment Dashboard. A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-06-30 | CVE-2022-34798 | Missing Authorization vulnerability in Jenkins Deployment Dashboard. Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 4.3 |
2022-06-30 | CVE-2022-34810 | Missing Authorization vulnerability in Jenkins RQM. A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
2022-06-30 | CVE-2022-34811 | Missing Authorization vulnerability in Jenkins XPath Configuration Viewer. A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 4.3 |
2022-06-30 | CVE-2022-34813 | Missing Authorization vulnerability in Jenkins XPath Configuration Viewer. A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 4.3 |
2022-06-30 | CVE-2022-34818 | Missing Authorization vulnerability in Jenkins Failed Job Deactivator. Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. | 4.3 |
2022-06-27 | CVE-2022-0444 | Missing Authorization vulnerability in Watchful Xcloner. The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | 4.3 |
2022-06-27 | CVE-2022-1572 | Missing Authorization vulnerability in Html2Wp Project Html2Wp. The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated user such as a subscriber, which could allow them to delete arbitrary files. | 8.1 |
2022-06-27 | CVE-2022-1574 | Missing Authorization vulnerability in Html2Wp Project Html2Wp. The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them; as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server. | 9.8 |