Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-30 | CVE-2019-10311 | Missing Authorization vulnerability in Jenkins Ansible Tower A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-04-30 | CVE-2019-10308 | Missing Authorization vulnerability in Jenkins Static Analysis Utilities A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. | 6.5 |
| 2019-04-25 | CVE-2018-14997 | Missing Authorization vulnerability in Leagoo P1 Firmware The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a package name of android that has been modified by Leagoo or another entity in the supply chain. | 5.5 |
| 2019-04-19 | CVE-2019-2026 | Missing Authorization vulnerability in Google Android 8.0 In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. | 7.8 |
| 2019-04-18 | CVE-2019-10305 | Missing Authorization vulnerability in Jenkins Xebialabs XL Deploy A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-18 | CVE-2019-10301 | Missing Authorization vulnerability in Jenkins Gitlab A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-04-17 | CVE-2019-9224 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 5.3 |
| 2019-04-17 | CVE-2019-9171 | Missing Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 3.7 |
| 2019-04-11 | CVE-2019-9974 | Missing Authorization vulnerability in Dasannetworks H660Rm Firmware 1.030022 diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | 9.1 |
| 2019-04-10 | CVE-2019-0279 | Missing Authorization vulnerability in SAP Business Application Software Integrated Solution ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. | 8.8 |