Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-30	CVE-2019-11610	Missing Authorization vulnerability in Doorgets CMS 7.0 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. network low complexity doorgets CWE-862	7.5
2019-04-30	CVE-2019-11609	Missing Authorization vulnerability in Doorgets CMS 7.0 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. network low complexity doorgets CWE-862	8.2
2019-04-30	CVE-2019-11608	Missing Authorization vulnerability in Doorgets CMS 7.0 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. network low complexity doorgets CWE-862	8.2
2019-04-30	CVE-2019-11607	Missing Authorization vulnerability in Doorgets CMS 7.0 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. network low complexity doorgets CWE-862	7.5
2019-04-30	CVE-2019-11606	Missing Authorization vulnerability in Doorgets CMS 7.0 doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. network low complexity doorgets CWE-862	7.5
2019-04-30	CVE-2019-3399	Missing Authorization vulnerability in Atlassian Jira The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. network low complexity atlassian CWE-862	7.5
2019-04-30	CVE-2019-10312	Missing Authorization vulnerability in Jenkins Ansible Tower A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. network low complexity jenkins CWE-862	4.3
2019-04-30	CVE-2019-10311	Missing Authorization vulnerability in Jenkins Ansible Tower A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	8.8
2019-04-30	CVE-2019-10308	Missing Authorization vulnerability in Jenkins Static Analysis Utilities A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users. network low complexity jenkins CWE-862	6.5
2019-04-25	CVE-2018-14997	Missing Authorization vulnerability in Leagoo P1 Firmware The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework (i.e., system_server) with a package name of android that has been modified by Leagoo or another entity in the supply chain. local low complexity leagoo CWE-862	5.5

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization