Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-20 | CVE-2023-3072 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. | 3.8 |
| 2023-07-20 | CVE-2023-3300 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. | 5.3 |
| 2023-07-18 | CVE-2023-33265 | Missing Authorization vulnerability in Hazelcast and Imdg In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted. | 8.8 |
| 2023-07-17 | CVE-2023-3587 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. | 2.7 |
| 2023-07-13 | CVE-2023-21247 | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
| 2023-07-13 | CVE-2023-21248 | Missing Authorization vulnerability in Google Android 12.0/12.1/13.0 In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. | 7.8 |
| 2023-07-13 | CVE-2023-21257 | Missing Authorization vulnerability in Google Android 13.0 In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. | 7.8 |
| 2023-07-12 | CVE-2023-37944 | Missing Authorization vulnerability in Jenkins Datadog A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2023-07-12 | CVE-2023-37945 | Missing Authorization vulnerability in Jenkins Saml Single Sign on 2.1.0/2.2.0/2.3.0 A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm. | 4.3 |
| 2023-07-12 | CVE-2023-37949 | Missing Authorization vulnerability in Jenkins Orka BY Macstadium A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |