Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-22 | CVE-2018-0015 | Missing Authorization vulnerability in Juniper Appformix A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. | 8.5 |
2018-02-14 | CVE-2018-2381 | Missing Authorization vulnerability in SAP ERP Financials Information System 2.0 SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
2018-02-12 | CVE-2017-13247 | Missing Authorization vulnerability in Google Android In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. | 4.6 |
2018-02-09 | CVE-2018-1000022 | Missing Authorization vulnerability in Electrum Bitcoin Wallet Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. | 2.6 |
2018-02-02 | CVE-2017-18035 | Missing Authorization vulnerability in Atlassian Crucible and Fisheye The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 4.0 |
2018-01-29 | CVE-2017-9513 | Missing Authorization vulnerability in Atlassian Activity Streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 5.5 |
2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.0 |
2018-01-26 | CVE-2017-1000390 | Missing Authorization vulnerability in Jenkins Multijob Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 4.0 |
2018-01-26 | CVE-2017-1000388 | Missing Authorization vulnerability in Jenkins Dependency Graph Viewer Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 4.0 |
2018-01-23 | CVE-2018-1000015 | Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. | 4.9 |