Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-03 | CVE-2019-10145 | Missing Authorization vulnerability in Redhat RKT: rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. | 7.7 |
2019-05-31 | CVE-2019-10330 | Missing Authorization vulnerability in Gitea: Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted. | 7.5 |
2019-05-31 | CVE-2019-10323 | Missing Authorization vulnerability in Jfrog Artifactory: A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
2019-05-31 | CVE-2019-10322 | Missing Authorization vulnerability in Jfrog Artifactory: A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
2019-05-24 | CVE-2019-11875 | Missing Authorization vulnerability in Blueprism Robotic Process Automation 6.4.0.8445: In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. | 8.8 |
2019-05-23 | CVE-2019-10849 | Missing Authorization vulnerability in Computrols Building Automation Software: Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | 7.5 |
2019-05-23 | CVE-2019-0201 | Missing Authorization vulnerability in multiple products: An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. | 5.9 |
2019-05-21 | CVE-2019-10319 | Missing Authorization vulnerability in Jenkins Pluggable Authentication Module: A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as. | 4.3 |
2019-05-17 | CVE-2019-12168 | Missing Authorization vulnerability in Four-Faith F3X24 Firmware 1.0: Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. | 7.2 |
2019-05-17 | CVE-2019-6790 | Missing Authorization vulnerability in Gitlab: An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 4.3 |