Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2022-3321 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings.
network
low complexity
cloudflare CWE-862
8.2
2022-10-28 CVE-2022-3337 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) feature being enabled on the Zero Trust Platform.
network
low complexity
cloudflare CWE-862
8.5
2022-10-27 CVE-2022-24669 Missing Authorization vulnerability in ForgeRock Access Management
It may be possible to gain some details of the deployment through a well-crafted attack.
network
low complexity
forgerock CWE-862
6.5
2022-10-27 CVE-2022-39329 Missing Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.
network
low complexity
nextcloud CWE-862
5.3
2022-10-25 CVE-2022-39340 Missing Authorization vulnerability in OpenFGA
OpenFGA is an authorization/permission engine.
network
low complexity
openfga CWE-862
5.3
2022-10-24 CVE-2022-41797 Missing Authorization vulnerability in Lemon8 Project Lemon8
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
network
low complexity
lemon8-project CWE-862
6.5
2022-10-21 CVE-2022-1066 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
network
low complexity
aethon CWE-862
8.2
2022-10-21 CVE-2022-1070 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
network
high complexity
aethon CWE-862
8.1
2022-10-21 CVE-2022-26423 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
network
low complexity
aethon CWE-862
7.5
2022-10-19 CVE-2022-43413 Missing Authorization vulnerability in Jenkins Job Import
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3