Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2018-02-22 CVE-2018-0015 Missing Authorization vulnerability in Juniper Appformix
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege.
network
juniper CWE-862
8.5
2018-02-14 CVE-2018-2381 Missing Authorization vulnerability in SAP ERP Financials Information System 2.0
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-02-12 CVE-2017-13247 Missing Authorization vulnerability in Google Android
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock.
local
low complexity
google CWE-862
4.6
2018-02-09 CVE-2018-1000022 Missing Authorization vulnerability in Electrum Bitcoin Wallet
Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected.
network
high complexity
electrum CWE-862
2.6
2018-02-02 CVE-2017-18035 Missing Authorization vulnerability in Atlassian Crucible and Fisheye
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
network
low complexity
atlassian CWE-862
4.0
2018-01-29 CVE-2017-9513 Missing Authorization vulnerability in Atlassian Activity Streams
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
network
low complexity
atlassian CWE-862
5.5
2018-01-26 CVE-2017-1000400 Missing Authorization vulnerability in Jenkins
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects.
network
low complexity
jenkins CWE-862
4.0
2018-01-26 CVE-2017-1000390 Missing Authorization vulnerability in Jenkins Multijob
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
network
low complexity
jenkins CWE-862
4.0
2018-01-26 CVE-2017-1000388 Missing Authorization vulnerability in Jenkins Dependency Graph Viewer
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
network
low complexity
jenkins CWE-862
4.0
2018-01-23 CVE-2018-1000015 Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents.
network
jenkins CWE-862
4.9