Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-29 | CVE-2022-28144 | Missing Authorization vulnerability in Jenkins Proxmox. Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | 6.5 |
2022-03-29 | CVE-2022-28147 | Missing Authorization vulnerability in Jenkins Continuous Integration With Toad Edge. A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
2022-03-29 | CVE-2022-28151 | Missing Authorization vulnerability in Jenkins JOB and Node Ownership. A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | 4.3 |
2022-03-29 | CVE-2022-28158 | Missing Authorization vulnerability in Jenkins Pipeline: Phoenix Autotest. A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
2022-03-28 | CVE-2021-24978 | Missing Authorization vulnerability in B4After Osmapper 2.1.5. The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. | 5.3 |
2022-03-28 | CVE-2022-0833 | Missing Authorization vulnerability in Church Admin Project Church Admin. The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data. | 4.3 |
2022-03-25 | CVE-2021-3814 | Missing Authorization vulnerability in Redhat 3Scale. It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. | 7.5 |
2022-03-23 | CVE-2022-24768 | Missing Authorization vulnerability in Argoproj Argo CD. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 8.8 |
2022-03-22 | CVE-2022-21718 | Missing Authorization vulnerability in Electronjs Electron. Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. | 5.0 |
2022-03-21 | CVE-2022-0229 | Missing Authorization vulnerability in Miniorange Google Authenticator. The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. | 8.1 |