Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-07 | CVE-2023-33909 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | 5.5 |
| 2023-08-07 | CVE-2023-33910 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | 5.5 |
| 2023-08-07 | CVE-2023-33911 | Missing Authorization vulnerability in Google Android 10.0/11.0/9.0 In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | 5.5 |
| 2023-08-07 | CVE-2023-33912 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | 5.5 |
| 2023-08-04 | CVE-2023-38494 | Missing Authorization vulnerability in Metersphere MeterSphere is an open-source continuous testing platform. | 7.5 |
| 2023-08-03 | CVE-2023-30950 | Missing Authorization vulnerability in Palantir Foundry Campaigns The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | 5.9 |
| 2023-08-02 | CVE-2023-3426 | Missing Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations. | 4.3 |
| 2023-07-31 | CVE-2023-38989 | Missing Authorization vulnerability in Jeesite 1.2.6 An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. | 4.3 |
| 2023-07-26 | CVE-2023-3442 | Missing Authorization vulnerability in Jenkins Servicenow Devops A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. | 7.5 |
| 2023-07-26 | CVE-2022-43712 | Missing Authorization vulnerability in Gxsoftware Xperiencentral POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. | 6.5 |