Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-05 | CVE-2020-7968 | Missing Authorization vulnerability in Gitlab: GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | 7.5 |
2020-02-03 | CVE-2020-7993 | Missing Authorization vulnerability in Prototypejs Prototype 1.6.0.1: Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | 4.3 |
2020-01-30 | CVE-2020-8495 | Missing Authorization vulnerability in Kronos web Time and Attendance 3.8: In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | 7.5 |
2020-01-30 | CVE-2020-5228 | Missing Authorization vulnerability in Apereo Opencast: Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. | 7.5 |
2020-01-28 | CVE-2019-5470 | Missing Authorization vulnerability in Gitlab: An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. | 7.5 |
2020-01-24 | CVE-2013-3960 | Missing Authorization vulnerability in Easytimestudio Easy File Manager 1.1: Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass. | 9.9 |
2020-01-17 | CVE-2019-19802 | Missing Authorization vulnerability in Gallagher Command Centre: In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | 6.5 |
2020-01-15 | CVE-2020-2094 | Missing Authorization vulnerability in Jenkins Health Advisor BY Cloudbees: A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | 4.3 |
2020-01-15 | CVE-2020-2091 | Missing Authorization vulnerability in Jenkins Amazon EC2: A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.1 |
2020-01-14 | CVE-2020-6306 | Missing Authorization vulnerability in SAP Leasing: Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17). | 2.7 |