Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-03 | CVE-2020-2323 | Missing Authorization vulnerability in Netflix Chaos Monkey 0.3/0.4 Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 5.3 |
| 2020-12-03 | CVE-2020-2322 | Missing Authorization vulnerability in Netflix Chaos Monkey 0.3 Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | 7.5 |
| 2020-11-27 | CVE-2017-15680 | Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0 In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data. | 6.4 |
| 2020-11-26 | CVE-2020-29043 | Missing Authorization vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. | 5.0 |
| 2020-11-25 | CVE-2020-14190 | Missing Authorization vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 5.0 |
| 2020-11-25 | CVE-2020-14191 | Missing Authorization vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 5.0 |
| 2020-11-25 | CVE-2020-26212 | Missing Authorization vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 4.0 |
| 2020-11-24 | CVE-2020-29006 | Missing Authorization vulnerability in Misp MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. | 7.5 |
| 2020-11-23 | CVE-2020-26231 | Missing Authorization vulnerability in Octobercms October 1.0.469/1.1.0 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.4 |
| 2020-11-12 | CVE-2020-7472 | Missing Authorization vulnerability in Sugarcrm An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. | 7.5 |