Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-30 | CVE-2021-39749 | Missing Authorization vulnerability in Google Android 12.1 In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. | 7.8 |
| 2022-03-30 | CVE-2021-39750 | Missing Authorization vulnerability in Google Android 12.1 In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check. | 7.8 |
| 2022-03-30 | CVE-2021-39751 | Missing Authorization vulnerability in Google Android 12.1 In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. | 5.5 |
| 2022-03-30 | CVE-2021-39753 | Missing Authorization vulnerability in Google Android 12.1 In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. | 5.5 |
| 2022-03-30 | CVE-2021-39758 | Missing Authorization vulnerability in Google Android 12.1 In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. | 7.8 |
| 2022-03-30 | CVE-2021-39768 | Missing Authorization vulnerability in Google Android 12.1 In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. | 7.8 |
| 2022-03-30 | CVE-2022-20002 | Missing Authorization vulnerability in Google Android 12.1 In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. | 7.8 |
| 2022-03-29 | CVE-2022-28134 | Missing Authorization vulnerability in Jenkins Bitbucket Server Integration Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | 5.4 |
| 2022-03-29 | CVE-2022-28137 | Missing Authorization vulnerability in Jenkins Jiratestresultreporter A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
| 2022-03-29 | CVE-2022-28139 | Missing Authorization vulnerability in Jenkins Rocketchat Notifier A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |