Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4104 | Missing Authorization vulnerability in Mozilla VPN 2.16.0 An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. | 5.5 |
| 2023-09-11 | CVE-2023-40040 | Missing Authorization vulnerability in Mycrops Higrade 1.0.337 An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. | 5.3 |
| 2023-09-06 | CVE-2023-41941 | Missing Authorization vulnerability in Jenkins AWS Codecommit Trigger 3.0.12 A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. | 4.3 |
| 2023-09-06 | CVE-2023-41943 | Missing Authorization vulnerability in Jenkins AWS Codecommit Trigger 3.0.12 Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | 6.5 |
| 2023-09-06 | CVE-2023-41945 | Missing Authorization vulnerability in Jenkins Assembla Auth Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. | 8.8 |
| 2023-09-06 | CVE-2023-41947 | Missing Authorization vulnerability in Jenkins Frugal Testing 1.0/1.1 A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | 4.3 |
| 2023-09-05 | CVE-2023-41908 | Missing Authorization vulnerability in Cerebrate-Project Cerebrate Cerebrate before 1.15 lacks the Secure attribute for the session cookie. | 5.3 |
| 2023-09-04 | CVE-2023-4059 | Missing Authorization vulnerability in Cozmoslabs Profile Builder The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog | 4.3 |
| 2023-09-04 | CVE-2023-20824 | Missing Authorization vulnerability in Google Android 12.0/13.0 In duraspeed, there is a possible information disclosure due to a missing permission check. | 5.5 |
| 2023-09-04 | CVE-2023-20825 | Missing Authorization vulnerability in Google Android 12.0/13.0 In duraspeed, there is a possible information disclosure due to a missing permission check. | 5.5 |