Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-06 | CVE-2019-18674 | Missing Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.13. | 5.0 |
2019-10-31 | CVE-2019-5095 | Missing Authorization vulnerability in Tempo 4.10.0 An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. | 4.0 |
2019-10-23 | CVE-2019-18383 | Missing Authorization vulnerability in Terra-Master Fs-210 Firmware 4.0.19 An issue was discovered on TerraMaster FS-210 4.0.19 devices. | 5.0 |
2019-10-17 | CVE-2019-15850 | Missing Authorization vulnerability in Eq-3 Homematic Ccu3 Firmware 3.41.11 eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. | 9.0 |
2019-10-16 | CVE-2019-10457 | Missing Authorization vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0 A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10455 | Missing Authorization vulnerability in Jenkins Rundeck A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10445 | Missing Authorization vulnerability in Jenkins Google Kubernetes Engine A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | 4.3 |
2019-10-16 | CVE-2019-10442 | Missing Authorization vulnerability in Jenkins Icescrum A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-10-16 | CVE-2019-10439 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
2019-10-16 | CVE-2019-10438 | Missing Authorization vulnerability in Jenkins CRX Content Package Deployer A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |