CWE-862

Exploit likelihood: High

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-24605 MEDIUM
OX App Suite <7.10.6-rev37 - Info Disclosure
CVSS 4.2
CVE-2023-2945 MEDIUM
OpenEMR < 7.0.1 - Missing Authorization
CVSS 5.4
CVE-2023-32316 HIGH
CloudExplorer Lite < 1.1.0 - Missing Authorization in User Profile
CVSS 7.1
CVE-2023-32311 HIGH
fit2cloud cloudexplorer < 1.1.0 - Missing Authorization for Organization Membership
CVSS 7.1
CVE-2023-2480 HIGH
M-Files < 23.5.12598.0 - Privilege Escalation via UI Extension Applications
CVSS 7.5
CVE-2023-33983 HIGH
Briar < 1.5.3 - Missing Authorization for Introduction Client Public Key Verification
CVSS 7.4
CVE-2023-33948 MEDIUM
Liferay Portal/DXP 7.4.3.67 - Info Disclosure
CVSS 5.3
CVE-2023-2494 MEDIUM
Go Pricing WordPress Plugin <= 3.3.19 - Authenticated Missing Authorization
CVSS 4.6
CVE-2023-27304 MEDIUM
Cybozu Garoon 4.6.0-5.9.2 - Authenticated Operation Restriction Bypass in Message and Bulletin
CVSS 4.3
CVE-2023-31826 HIGH
Skyscreamer Open Source Nevado JMS <1.3.2 - Command Injection
CVSS 7.8
CVE-2023-33252 HIGH
snarkjs < 0.6.11 - Missing Authorization via Public Signals Length Validation
CVSS 7.5
CVE-2023-2716 MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated Unauthorized Data Access and Modification via ajax_upload_file
CVSS 5.4
CVE-2023-2715 MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated Unauthorized Data Modification via submit_ticket Function
CVSS 4.3
CVE-2023-2714 MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated License Key Modification via Missing Capability Check
CVSS 4.3
CVE-2023-28623 MEDIUM
Zulip < 6.2 - Unauthenticated Account Creation via LDAP Authentication Bypass
CVSS 6.5
CVE-2023-32677 LOW
Zulip < 6.2 - Missing Authorization for Stream Assignment in User Invitation
CVSS 3.1
CVE-2023-2757 HIGH
Waiting: One-click countdowns <= 0.6.2 - Authenticated Cross-Site Scripting via saveLang Function
CVSS 7.4
CVE-2023-20726 LOW
Yocto - Unauthenticated GPS Location Disclosure via Missing Authorization
CVSS 3.3
CVE-2023-2590 LOW
answer < 1.0.9 - Missing Authorization
CVSS 3.5
CVE-2023-32112 LOW
SAP S4CORE and Vendor Master Hierarchy - Authenticated Missing Authorization
CVSS 2.8
CVE-2023-22813 LOW
Western Digital My Cloud OS 5 and My Cloud Home - Unauthenticated Information Disclosure via Device API Endpoint
CVSS 3.3
CVE-2023-27963 HIGH
iPadOS < 15.7.4 - Missing Authorization for Sensitive Data Access via Shortcut Actions
CVSS 7.5
CVE-2023-31047 CRITICAL
Django <3.2.19, <4.1.9, <4.2.1 - Auth Bypass
CVSS 9.8
CVE-2023-0805 MEDIUM
GitLab 15.2-15.9.5, 15.10-15.10.4, 15.11 - Missing Authorization for Banned Group Members
CVSS 4.9
CVE-2023-22728 MEDIUM
Silverstripe Framework < 4.12.15 - Missing Authorization in GridField Print View
CVSS 4.3