Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-04 | CVE-2019-1003081 | Missing Authorization vulnerability in Jenkins Openshift Deployer A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003079 | Missing Authorization vulnerability in Jenkins VMWare LAB Manager Slaves A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003077 | Missing Authorization vulnerability in Jenkins Audit to Database A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003059 | Missing Authorization vulnerability in Jenkins FTP Publisher A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-03-30 | CVE-2019-10648 | Missing Authorization vulnerability in Robocode Project Robocode Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | 9.8 |
| 2019-03-28 | CVE-2019-1003047 | Missing Authorization vulnerability in Jenkins Fortify on Demand Uploader A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-03-28 | CVE-2019-1003043 | Missing Authorization vulnerability in Jenkins Slack Notification A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.5 |
| 2019-03-25 | CVE-2019-6538 | Missing Authorization vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. | 6.5 |
| 2019-03-25 | CVE-2019-3879 | Missing Authorization vulnerability in multiple products It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. | 8.1 |
| 2019-03-25 | CVE-2019-3835 | Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. | 5.5 |