CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-2369 MEDIUM
YaySMTP < 2.2.1 - Authenticated Log Exposure via Missing Capability Check
CVSS 4.3
CVE-2022-36921 HIGH
Jenkins Coverity Plugin < 1.11.4 - Missing Authorization for Credential Capture via URL Connection
CVSS 8.1
CVE-2022-36919 MEDIUM
Jenkins Coverity Plugin < 1.11.4 - Credential ID Enumeration via Missing Permission Check
CVSS 4.3
CVE-2022-36918 MEDIUM
Jenkins Buckminster Plugin < 1.1.1 - File Existence Disclosure via Form Validation
CVSS 4.3
CVE-2022-36917 MEDIUM
Jenkins Google Cloud Backup Plugin < 0.6 - Missing Authorization for Manual Backup Request
CVSS 4.3
CVE-2022-36915 MEDIUM
Jenkins Android Signing Plugin < 2.2.5 - Missing Authorization in Form Validation
CVSS 4.3
CVE-2022-36914 MEDIUM
Jenkins Files Found Trigger Plugin <= 1.5 - Missing Authorization for File Existence Check
CVSS 4.3
CVE-2022-36913 MEDIUM
Jenkins Openstack Heat Plugin < 1.5 - Unauthenticated Path Disclosure via Form Validation
CVSS 4.3
CVE-2022-36912 MEDIUM
Jenkins Openstack Heat Plugin < 1.5 - Server-Side Request Forgery via URL Connection
CVSS 4.3
CVE-2022-36910 MEDIUM
Jenkins Lucene-Search Plugin < 370.v62a5f618cd3a - Missing Authorization in HTTP Endpoints
CVSS 5.4
CVE-2022-36909 MEDIUM
Jenkins OpenShift Deployer Plugin < 1.2.0 - Missing Authorization
CVSS 6.5
CVE-2022-36907 MEDIUM
Jenkins OpenShift Deployer Plugin < 1.2.0 - Missing Authorization
CVSS 6.5
CVE-2022-36904 MEDIUM
Jenkins Repository Connector < 2.2.0 - Missing Authorization for File Path Existence Check
CVSS 4.3
CVE-2022-36903 MEDIUM
Jenkins Repository Connector < 2.2.0 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-36898 MEDIUM
Jenkins Compuware ISPW Operations Plugin < 1.0.8 - Missing Authorization
CVSS 4.3
CVE-2022-36897 MEDIUM
Jenkins Compuware Xpediter Code Coverage Plugin < 1.0.7 - Missing Authorization
CVSS 4.3
CVE-2022-36896 MEDIUM
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin < 2.0.12 - Missing Authorization
CVSS 6.5
CVE-2022-36895 MEDIUM
Jenkins Compuware Topaz Utilities Plugin < 1.0.8 - Missing Authorization
CVSS 4.3
CVE-2022-36893 MEDIUM
Jenkins rpmsign-plugin < 0.5.0 - Missing Authorization in Form Validation
CVSS 4.3
CVE-2022-36892 MEDIUM
Jenkins rhnpush-plugin < 0.5.1 - Missing Authorization in Form Validation
CVSS 4.3
CVE-2022-36891 MEDIUM
Jenkins Deployer Framework Plugin < 85.v1d1888e8c021 - Missing Authorization for Deployment Logs
CVSS 4.3
CVE-2022-36888 MEDIUM
Jenkins HashiCorp Vault Plugin < 354.vdb_858fd6b_f48 - Missing Authorization for Vault Credential Access
CVSS 6.5
CVE-2022-36883 HIGH
Jenkins Git Plugin < 4.11.3 - Unauthenticated Build Trigger and Arbitrary Repository Checkout
CVSS 7.5
CVE-2022-2108 MEDIUM
Wbcom Designs - BuddyPress Group Reviews <2.8.3 - CSRF
CVSS 6.5
CVE-2022-20225 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in SubscriptionController
CVSS 5.5
Details
Vulnerabilities 8,403
Exploit Likelihood High