CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-5949 HIGH
SmartCrawl < 3.8.3 - Unauthenticated Access to Password-Protected Posts
CVSS 7.5
CVE-2023-5056 MEDIUM
Red Hat Service Interconnect - Authenticated Information Disclosure via Skupper Operator
CVSS 6.8
CVE-2023-50976 CRITICAL
redpanda < 23.1.21 and 23.2.x < 23.2.18 - Missing Authorization in Transactions API
CVSS 9.8
CVE-2023-5061 MEDIUM
GitLab <16.4.4-16.6.2 - Info Disclosure
CVSS 4.3
CVE-2023-48375 HIGH
SmartStar Software CWS - Authenticated Privilege Escalation via Missing Authorization
CVSS 8.8
CVE-2023-48676 HIGH
Acronis Cyber Protect Cloud Agent <36943 - Info Disclosure
CVSS 7.1
CVE-2023-50779 MEDIUM
Jenkins PaaSLane Estimate Plugin < 1.0.4 - Missing Authorization
CVSS 4.3
CVE-2023-50769 MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Missing Authorization
CVSS 4.3
CVE-2023-50767 MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Server-Side Request Forgery via XML Response Parsing
CVSS 5.4
CVE-2023-50765 MEDIUM
Jenkins Scriptler Plugin < 342.v6a_89fd40f466 - Unauthorized Groovy Script Content Read via Script ID
CVSS 4.3
CVE-2023-47573 HIGH
Relyum RELY-PCIe 22.2.1 - Missing Authorization in Web Interface
CVSS 8.8
CVE-2023-48417 CRITICAL
KeyChainActivity App - Privilege Escalation
CVSS 9.8
CVE-2023-6394 HIGH
Quarkus < 3.6.0 - Missing Authorization via WebSocket GraphQL Request
CVSS 7.4
CVE-2023-48402 HIGH
Android - Missing Authorization in ppcfw_enable
CVSS 7.8
CVE-2023-39167 HIGH
SENEC Storage Box - Info Disclosure
CVSS 7.5
CVE-2023-5714 MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_db_specs() AJAX Action
CVSS 4.3
CVE-2023-5713 MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_option_value()
CVSS 4.3
CVE-2023-5712 MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_global_value AJAX Action
CVSS 4.3
CVE-2023-5711 MEDIUM
System Dashboard <= 2.8.7 - Authenticated Sensitive Information Exposure via sd_php_info AJAX Action
CVSS 4.3
CVE-2023-5710 MEDIUM
System Dashboard < 2.8.7 - Authenticated Sensitive Information Exposure via sd_constants AJAX Action
CVSS 4.3
CVE-2023-46354 HIGH
MyPrestaModules <5.2.0 - Info Disclosure
CVSS 7.5
CVE-2023-44113 HIGH
Designed for Reliability - Info Disclosure
CVSS 7.5
CVE-2023-40094 HIGH
Android - Lock Screen Bypass via Missing Permission Check in ActivityTaskManagerService
CVSS 7.8
CVE-2023-40089 HIGH
Android - Missing Authorization in DevicePolicyManagerService Credential Manager Selection
CVSS 7.8
CVE-2023-32855 MEDIUM
Yocto - Missing Authorization Leading to Privilege Escalation
CVSS 6.7