Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-14 | CVE-2021-28506 | Missing Authorization vulnerability in Arista EOS. An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | 9.1 |
2022-01-14 | CVE-2021-39622 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0. In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. | 7.8 |
2022-01-13 | CVE-2021-40327 | Missing Authorization vulnerability in Trustedfirmware Trusted Firmware-M 1.4.0. Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. | 5.9 |
2022-01-12 | CVE-2022-20614 | Missing Authorization vulnerability in multiple products. A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
2022-01-12 | CVE-2022-20616 | Missing Authorization vulnerability in Jenkins Credentials Binding. Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. | 4.3 |
2022-01-12 | CVE-2022-20618 | Missing Authorization vulnerability in Jenkins Bitbucket Branch Source. A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-01-12 | CVE-2022-20620 | Missing Authorization vulnerability in Jenkins SSH Agent. Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allow attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-01-12 | CVE-2022-23112 | Missing Authorization vulnerability in Jenkins Publish Over SSH. A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | 6.5 |
2022-01-10 | CVE-2021-25032 | Missing Authorization vulnerability in Publishpress Capabilities. The PublishPress Capabilities WordPress plugin before 2.3.1 and the PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and do not ensure that the options to be updated belong to the plugin. | 9.8 |
2022-01-06 | CVE-2021-46075 | Missing Authorization vulnerability in Vehicle Service Management System Project Vehicle Service Management System. A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. | 7.2 |