CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-5165 HIGH
Docker Desktop <4.23.0 - Auth Bypass
CVSS 7.1
CVE-2023-41296 CRITICAL
Kernel Module - Privilege Escalation
CVSS 9.1
CVE-2023-43090 MEDIUM
GNOME Shell 43-43.9 - Unauthenticated Information Disclosure via Lock Screen Screenshot Tool
CVSS 5.5
CVE-2023-43135 CRITICAL
TP-LINK ER5120G <4.0.2.0.0 - Info Disclosure
CVSS 9.8
CVE-2023-43134 CRITICAL
Netis 360RAC1200 <1.3.4517 - Info Disclosure
CVSS 9.8
CVE-2023-43501 MEDIUM
Jenkins Build Failure Analyzer Plugin <2.4.1 - SSRF
CVSS 6.5
CVE-2023-5054 MEDIUM
Super Store Finder <6.9.3 - Unauthenticated RCE
CVSS 5.8
CVE-2023-0923 HIGH
Red Hat OpenShift Data Science 1.22-1.22.1-3 - Missing Authorization in Jupyter API
CVSS 8.8
CVE-2023-4948 MEDIUM
WooCommerce CVR Payment Gateway <6.1.0 - Info Disclosure
CVSS 4.3
CVE-2023-42469 LOW
full_dialer <= 1.0.1 - Unauthenticated Phone Call Placement via Crafted Intent
CVSS 3.3
CVE-2023-39073 CRITICAL
SNMP Web Pro <1.1 - RCE, Info Disclosure
CVSS 9.8
CVE-2023-40625 MEDIUM
S4CORE Manage Purchase Contracts App - Privilege Escalation
CVSS 5.4
CVE-2023-35677 MEDIUM
Android - Missing Authorization in DeviceAdminAdd
CVSS 5.5
CVE-2023-35665 HIGH
Android - Missing Authorization for Contact Import
CVSS 7.8
CVE-2023-36140 CRITICAL
PHPJabbers Cleaning Business Software 1.0 - Info Disclosure
CVSS 9.8
CVE-2023-4630 MEDIUM
GitLab <16.1.5-16.2.5-16.3.1 - Info Disclosure
CVSS 5.0
CVE-2023-4104 MEDIUM
Mozilla VPN < 2.16.1 (Linux) - Unauthenticated VPN Configuration via D-Bus
CVSS 5.5
CVE-2023-40040 MEDIUM
MyCrops HiGrade 1.0.337 - Unauthenticated Camera Access via CameraActivity Component
CVSS 5.3
CVE-2023-4792 MEDIUM
Duplicate Post Page Menu & Custom Post Type <2.3.1 - Privilege Esca...
CVSS 4.3
CVE-2023-41947 MEDIUM
Jenkins Frugal Testing Plugin < 1.1 - Missing Authorization for Frugal Testing Connection
CVSS 4.3
CVE-2023-41945 HIGH
Jenkins Assembla Auth Plugin < 1.14 - Missing Authorization
CVSS 8.8
CVE-2023-41943 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization in HTTP Endpoint
CVSS 6.5
CVE-2023-41941 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2023-41908 MEDIUM
cerebrate < 1.15 - Missing Secure Attribute for Session Cookie
CVSS 5.3
CVE-2023-4059 MEDIUM
Profile Builder < 3.9.8 - Unauthenticated Missing Authorization and CSRF in Page Creation Function
CVSS 4.3