CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-39861 MEDIUM
Samsung FactoryCamera < 3.5.51 - Unauthenticated Video Recording via Unprotected Broadcast Receiver
CVSS 5.9
CVE-2022-39222 CRITICAL
Dex < 2.35.0 - Unauthenticated OAuth Authorization Code Theft via Malicious OIDC Flow
CVSS 9.3
CVE-2022-3124 MEDIUM
Frontend File Manager Plugin < 21.3 - Unauthenticated Arbitrary File Write via File Rename
CVSS 5.3
CVE-2022-40316 MEDIUM
moodle 3.9.0-3.9.16 - Missing Authorization in H5P Activity Attempts Report
CVSS 4.3
CVE-2022-36068 HIGH
Discourse <2.8.9-2.9.0.beta10 - Privilege Escalation
CVSS 7.2
CVE-2022-2987 HIGH
Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update and Authentication Bypass
CVSS 7.5
CVE-2022-2405 MEDIUM
WP Popup Builder < 1.2.9 - Authenticated Arbitrary Popup Deletion via Missing Authorization
CVSS 4.3
CVE-2022-36340 MEDIUM
MailOptin <1.2.49.0 - Info Disclosure
CVSS 6.5
CVE-2022-35249 MEDIUM
Rocket.Chat < 5.0 - Unauthenticated Information Disclosure via getUserMentionsByChannel Method
CVSS 4.3
CVE-2022-35247 MEDIUM
Rocket.Chat < 4.7.5 - Unauthenticated Information Disclosure via getRoomRoles Meteor Method
CVSS 4.3
CVE-2022-32220 MEDIUM
Rocket.Chat < 5.0 - Unauthenticated Information Disclosure via getUserMentionsByChannel Method
CVSS 6.5
CVE-2022-38512 MEDIUM
Liferay Portal/DXP <7.4.3.37 - Info Disclosure
CVSS 6.5
CVE-2022-39975 MEDIUM
Liferay DXP 7.3-7.4 and Liferay Portal 7.3.3-7.4.3.34 - Unauthenticated Information Disclosure via Content Page Preview
CVSS 4.3
CVE-2022-41254 MEDIUM
Jenkins CONS3RT Plugin <1.0.0 - Privilege Escalation
CVSS 6.5
CVE-2022-41252 MEDIUM
Jenkins CONS3RT Plugin <1.0.0 - Info Disclosure
CVSS 4.3
CVE-2022-41251 MEDIUM
Jenkins Apprenda Plugin <2.2.0 - Info Disclosure
CVSS 4.3
CVE-2022-41250 MEDIUM
Jenkins SCM HttpClient Plugin <1.5 - Privilege Escalation
CVSS 6.5
CVE-2022-41246 MEDIUM
Jenkins Worksoft Execution Manager Plugin <10.0.3.503 - SSRF
CVSS 6.5
CVE-2022-41242 MEDIUM
Jenkins extreme-feedback Plugin <1.7 - Info Disclosure
CVSS 5.4
CVE-2022-41238 CRITICAL
Jenkins DotCi Plugin <2.40.00 - Info Disclosure
CVSS 9.8
CVE-2022-41234 HIGH
Jenkins Rundeck Plugin <3.6.11 - CSRF
CVSS 8.8
CVE-2022-41233 MEDIUM
Jenkins Rundeck Plugin <3.6.11 - Info Disclosure
CVSS 4.3
CVE-2022-41230 MEDIUM
Jenkins Build-Publisher Plugin <1.22 - Info Disclosure
CVSS 4.3
CVE-2022-41228 HIGH
Jenkins NS-ND Integration Performance Publisher Plugin <4.8.0.129 -...
CVSS 8.8
CVE-2022-39960 MEDIUM
Netic Group Export < 1.0.3 - Unauthenticated Group Export via groupexport_download Parameter
CVSS 5.3
Details
Vulnerabilities 8,403
Exploit Likelihood High