Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-30 | CVE-2021-21632 | Missing Authorization vulnerability in Jenkins Owasp Dependency-Track A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 6.5 |
| 2021-03-30 | CVE-2021-21631 | Missing Authorization vulnerability in Jenkins Cloud Statistics Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. | 4.3 |
| 2021-03-29 | CVE-2021-28669 | Missing Authorization vulnerability in Xerox products Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. | 5.0 |
| 2021-03-22 | CVE-2021-21437 | Missing Authorization vulnerability in Otrs products Agents are able to see linked Config Items without permissions, which are defined in General Catalog. | 4.3 |
| 2021-03-19 | CVE-2021-26990 | Missing Authorization vulnerability in Netapp Cloud Manager Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 9.4 |
| 2021-03-18 | CVE-2021-27656 | Missing Authorization vulnerability in Johnsoncontrols Exacqvision web Service A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. | 5.0 |
| 2021-03-18 | CVE-2021-24146 | Missing Authorization vulnerability in Webnus Modern Events Calendar Lite Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example. | 5.0 |
| 2021-03-18 | CVE-2021-21626 | Missing Authorization vulnerability in Jenkins Warnings Next Generation Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
| 2021-03-18 | CVE-2021-21625 | Missing Authorization vulnerability in Jenkins Cloudbees AWS Credentials Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. | 4.3 |
| 2021-03-15 | CVE-2021-20283 | Missing Authorization vulnerability in multiple products The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 4.3 |