Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-04 | CVE-2019-10293 | Missing Authorization vulnerability in Jenkins Kmap A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-10290 | Missing Authorization vulnerability in Jenkins Netsparker Cloud Scan A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-10279 | Missing Authorization vulnerability in Jenkins Jenkins-Reviewbot A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003099 | Missing Authorization vulnerability in Jenkins Openid A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003093 | Missing Authorization vulnerability in Jenkins Nomad A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003091 | Missing Authorization vulnerability in Jenkins Soasta Cloudtest A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003087 | Missing Authorization vulnerability in Jenkins Chef Sinatra 1.2 A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003085 | Missing Authorization vulnerability in Jenkins Zephyr Enterprise Test Management A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003083 | Missing Authorization vulnerability in Jenkins Gearman A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003081 | Missing Authorization vulnerability in Jenkins Openshift Deployer A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |