Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2018-1000022 | Missing Authorization vulnerability in Electrum Bitcoin Wallet Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. | 2.6 |
| 2018-02-02 | CVE-2017-18035 | Missing Authorization vulnerability in Atlassian Crucible and Fisheye The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it. | 4.0 |
| 2018-01-29 | CVE-2017-9513 | Missing Authorization vulnerability in Atlassian Activity Streams Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks. | 5.5 |
| 2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.0 |
| 2018-01-26 | CVE-2017-1000390 | Missing Authorization vulnerability in Jenkins Multijob Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | 4.0 |
| 2018-01-26 | CVE-2017-1000388 | Missing Authorization vulnerability in Jenkins Dependency Graph Viewer Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | 4.0 |
| 2018-01-23 | CVE-2018-1000015 | Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. | 4.9 |
| 2018-01-22 | CVE-2018-6000 | Missing Authorization vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743/3.0.0.4.384.20308 An issue was discovered in AsusWRT before 3.0.0.4.384_10007. | 10.0 |
| 2018-01-18 | CVE-2018-0092 | Missing Authorization vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1)/7.0(3)I7(1) A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. | 3.6 |
| 2018-01-12 | CVE-2017-13209 | Missing Authorization vulnerability in Google Android 8.0/8.1 In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. | 7.2 |