CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-3320 MEDIUM
Cloudflare WARP < 2022.8.857.0 - Policy Bypass via Custom Endpoint Disconnect
CVSS 6.7
CVE-2022-24669 MEDIUM
Forgerock Access Management - Information Disclosure
CVSS 6.5
CVE-2022-39329 LOW
Nextcloud Server and Nextcloud Enterprise Server < 23.0.9 - Unauthenticated Information Exposure
CVSS 3.5
CVE-2022-39340 MEDIUM
OpenFGA < 0.2.4 - Unauthenticated Information Disclosure via streamed-list-objects Endpoint
CVSS 5.3
CVE-2022-41797 MEDIUM
Lemon8 < 3.3.5 - Missing Authorization in Custom URL Scheme Handler
CVSS 6.5
CVE-2022-26423 HIGH
Aethon TUG Home Base Server <24 - Info Disclosure
CVSS 8.2
CVE-2022-1070 HIGH
Aethon TUG Home Base Server < 24 - Unauthenticated Access to Hashed User Credentials
CVSS 8.2
CVE-2022-1066 HIGH
Aethon TUG Home Base Server < 24 - Unauthenticated Access to Hashed User Credentials
CVSS 8.2
CVE-2022-43431 MEDIUM
Jenkins Compuware Strobe Measurement Plugin <1.0.1 - Info Disclosure
CVSS 4.3
CVE-2022-43427 MEDIUM
Jenkins Compuware Topaz for Total Test Plugin <2.4.8 - Info Disclosure
CVSS 4.3
CVE-2022-43421 MEDIUM
Jenkins Tuleap Git Branch Source Plugin <3.2.4 - Info Disclosure
CVSS 5.3
CVE-2022-43417 MEDIUM
Jenkins Katalon Plugin <1.0.32 - Open Redirect
CVSS 4.3
CVE-2022-43413 MEDIUM
Jenkins Job Import Plugin <3.5 - Info Disclosure
CVSS 4.3
CVE-2022-39233 MEDIUM
Tuleap 12.9.99.228-14.0.99.24 - Authenticated Missing Authorization via GitLab Repository REST Endpoint
CVSS 4.3
CVE-2022-3244 MEDIUM
WordPress Plugin <6.5.8 - Auth Bypass
CVSS 4.2
CVE-2022-3082 MEDIUM
miniOrange Discord Integration <2.1.6 - CSRF
CVSS 6.5
CVE-2022-3501 LOW
OTRS 8.0.0 through 8.0.26 - Information Disclosure
CVSS 3.5
CVE-2022-39117 MEDIUM
Android - Missing Authorization in Messaging Service
CVSS 5.5
CVE-2022-39115 MEDIUM
Android - Missing Authorization Leading to Local Denial of Service in Music Service
CVSS 5.5
CVE-2022-39114 MEDIUM
Android - Denial of Service via Missing Permission Check in Music Service
CVSS 5.5
CVE-2022-39113 MEDIUM
Android - Missing Authorization Leading to Local Denial of Service in Music Service
CVSS 5.5
CVE-2022-39112 MEDIUM
Android - Missing Authorization in Music Service
CVSS 5.5
CVE-2022-39111 HIGH
Android - Missing Authorization in Music Service
CVSS 7.8
CVE-2022-39110 HIGH
Music Service - Privilege Escalation
CVSS 7.8
CVE-2022-39109 HIGH
Music Service - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 8,403
Exploit Likelihood High