Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-04-19 | CVE-2022-1384 | Missing Authorization vulnerability in Mattermost Server | Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. | 8.8 |
2022-04-12 | CVE-2022-29051 | Missing Authorization vulnerability in Jenkins Publish Over FTP | Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | 4.3 |
2022-04-12 | CVE-2021-39808 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 | In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. | 7.8 |
2022-04-04 | CVE-2022-0404 | Missing Authorization vulnerability in Material Design for Contact Form 7 Project Material Design for Contact Form 7 2.6.4 | The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. | 6.5 |
2022-04-04 | CVE-2022-0837 | Missing Authorization vulnerability in Tms-Outsource Amelia | The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. | 5.4 |
2022-04-01 | CVE-2022-0390 | Missing Authorization vulnerability in Gitlab | Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | 4.3 |
2022-03-31 | CVE-2022-26546 | Missing Authorization vulnerability in Hospital Management System Project Hospital Management System 1.0 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | 9.1 |
2022-03-31 | CVE-2022-23183 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields | Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. | 6.5 |
2022-03-30 | CVE-2021-39742 | Missing Authorization vulnerability in Google Android 12.1 | In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. | 5.5 |
2022-03-30 | CVE-2021-39743 | Missing Authorization vulnerability in Google Android 12.1 | In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check. | 7.8 |