The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,403 vulnerabilities with CWE-862
CVE-2022-28139
MEDIUM
Jenkins RocketChat Notifier Plugin < 1.4.0 - Missing Authorization
CVSS 4.3
CVE-2022-28137
MEDIUM
Jenkins JiraTestResultReporter < 165.v817928553942 - Missing Authorization for URL Connection
CVSS 4.3
CVE-2022-28134
MEDIUM
Jenkins Bitbucket Server Integration Plugin < 3.1.0 - Missing Authorization in HTTP Endpoints
CVSS 5.4
CVE-2022-27658
HIGH
SAP Innovation Management 2.0 - Missing Authorization
CVSS 7.5
CVE-2022-0833
MEDIUM
Church Admin WordPress Plugin < 3.4.135 - Unauthenticated Missing Authorization and CSRF via Refresh-Backup Action
CVSS 4.3
CVE-2022-27948
HIGH
Tesla Model 3, S, and X Firmware < 2022-03-26 - Unauthenticated Charging Port Opening via 315 MHz RF Signal
CVSS 7.2
CVE-2022-24768
CRITICAL
Argo CD <1.0.0 - Privilege Escalation
CVSS 9.9
CVE-2022-21718
LOW
Electron < 13.6.6 - Unauthenticated Bluetooth Device Access via Web Bluetooth API
CVSS 3.4
CVE-2022-0229
HIGH
miniOrange's Google Authenticator WordPress <5.5 - CSRF
CVSS 8.1
CVE-2022-27215
MEDIUM
Jenkins Release Helper Plugin < 1.3.3 - Server-Side Request Forgery via Missing Permission Check
CVSS 4.3
CVE-2022-27211
MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin < 2.3.1 - Missing Authorization for SSH Credential Capture
CVSS 6.5
CVE-2022-27209
MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin < 2.3.1 - Missing Authorization for Credential ID Enumeration
CVSS 6.5
CVE-2022-27205
MEDIUM
Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Server-Side Request Forgery via URL Connection
CVSS 4.3
CVE-2022-27199
MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 191.vcb_f183ce58b_9 - Missing Authorization
CVSS 4.3
CVE-2022-0932
MEDIUM
saleor < 3.1.2 - Missing Authorization
CVSS 6.5
CVE-2022-0871
CRITICAL
Gogs < 0.12.5 - Missing Authorization
CVSS 9.1
CVE-2022-26104
MEDIUM
SAP Financial Consolidation 10.1 - Privilege Escalation
CVSS 5.3
CVE-2022-26103
MEDIUM
SAP NetWeaver Application Server Java 7.50 - Missing Authorization
CVSS 5.3
CVE-2022-26102
MEDIUM
SAP NetWeaver Application Server ABAP 700, 701, 702, 731 - Authenticated Missing Authorization Check
CVSS 5.4
CVE-2022-20054
HIGH
Android - AT Command Injection via Missing Authorization
CVSS 7.8
CVE-2022-20053
HIGH
Android - Missing Authorization Leading to Local Privilege Escalation
CVSS 7.8
CVE-2022-20049
MEDIUM
Android - Missing Authorization in vpu
CVSS 6.7
CVE-2022-0905
HIGH
Gitea < 1.16.4 - Missing Authorization
CVSS 7.1
CVE-2022-0756
MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 6.5
CVE-2022-0755
MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities
8,403
Exploit Likelihood
High