Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-10311 Missing Authorization vulnerability in Jenkins Ansible Tower
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins | CWE-862 | 8.8
2019-04-30 CVE-2019-10308 Missing Authorization vulnerability in Jenkins Static Analysis Utilities
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.
network | low complexity | jenkins | CWE-862 | 6.5
2019-04-19 CVE-2019-2026 Missing Authorization vulnerability in Google Android 8.0
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check.
local | low complexity | google | CWE-862 | 4.6
2019-04-18 CVE-2019-10305 Missing Authorization vulnerability in Jenkins XebiaLabs XL Deploy
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
network | low complexity | jenkins | CWE-862 | 6.5
2019-04-18 CVE-2019-10301 Missing Authorization vulnerability in Jenkins GitLab
A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins | CWE-862 | 8.8
2019-04-17 CVE-2019-9224 Missing Authorization vulnerability in GitLab
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.
network | low complexity | gitlab | CWE-862 | 5.0
2019-04-10 CVE-2019-0279 Missing Authorization vulnerability in SAP Business Application Software Integrated Solution
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
network | low complexity | sap | CWE-862 | 6.5
2019-04-05 CVE-2019-10868 Missing Authorization vulnerability in multiple products
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right.
network | low complexity | tryton, debian | CWE-862 | 4.0
2019-04-04 CVE-2019-3886 Missing Authorization vulnerability in multiple products
An incorrect permissions check was discovered in libvirt 4.8.0 and above.
5.4
2019-04-04 CVE-2019-10293 Missing Authorization vulnerability in Jenkins Kmap
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
network | low complexity | jenkins | CWE-862 | 6.5