Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-37945 | Missing Authorization vulnerability in Jenkins Saml Single Sign on 2.1.0/2.2.0/2.3.0 A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm. | 4.3 |
| 2023-07-12 | CVE-2023-37949 | Missing Authorization vulnerability in Jenkins Orka BY Macstadium A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
| 2023-07-12 | CVE-2023-37950 | Missing Authorization vulnerability in Jenkins Mabl A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2023-07-12 | CVE-2023-37953 | Missing Authorization vulnerability in Jenkins Mabl A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2023-07-12 | CVE-2023-37956 | Missing Authorization vulnerability in Jenkins Test Results Aggregator A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 6.5 |
| 2023-07-12 | CVE-2023-37959 | Missing Authorization vulnerability in Jenkins Sumologic Publisher A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | 6.5 |
| 2023-07-12 | CVE-2023-37963 | Missing Authorization vulnerability in Jenkins Benchmark Evaluator 1.0.0/1.0.1 A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system. | 5.4 |
| 2023-07-12 | CVE-2023-37965 | Missing Authorization vulnerability in Jenkins Elasticbox CI A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
| 2023-07-12 | CVE-2023-30913 | Missing Authorization vulnerability in Google Android In telephony service, there is a missing permission check. | 5.5 |
| 2023-07-12 | CVE-2023-30916 | Missing Authorization vulnerability in Google Android In DMService, there is a possible missing permission check. | 7.8 |