Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-11 | CVE-2019-10339 | Missing Authorization vulnerability in Jenkins JX Resources A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | 8.8 |
2019-06-11 | CVE-2019-10333 | Missing Authorization vulnerability in Jenkins Electricflow Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances. | 4.3 |
2019-06-11 | CVE-2019-10332 | Missing Authorization vulnerability in Jenkins Electricflow A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2019-06-07 | CVE-2019-2098 | Missing Authorization vulnerability in Google Android In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. | 7.2 |
2019-06-07 | CVE-2019-2092 | Missing Authorization vulnerability in Google Android In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. | 7.2 |
2019-06-07 | CVE-2019-2091 | Missing Authorization vulnerability in Google Android In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. | 7.2 |
2019-06-07 | CVE-2019-2090 | Missing Authorization vulnerability in Google Android In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. | 4.6 |
2019-06-06 | CVE-2019-12274 | Missing Authorization vulnerability in Suse Rancher In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. | 4.0 |
2019-05-31 | CVE-2019-10330 | Missing Authorization vulnerability in Gitea Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | 7.5 |
2019-05-31 | CVE-2019-10323 | Missing Authorization vulnerability in Jfrog Artifactory A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |