CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,403 vulnerabilities with CWE-862
CVE-2022-28139 MEDIUM
Jenkins RocketChat Notifier Plugin < 1.4.0 - Missing Authorization
CVSS 4.3
CVE-2022-28137 MEDIUM
Jenkins JiraTestResultReporter < 165.v817928553942 - Missing Authorization for URL Connection
CVSS 4.3
CVE-2022-28134 MEDIUM
Jenkins Bitbucket Server Integration Plugin < 3.1.0 - Missing Authorization in HTTP Endpoints
CVSS 5.4
CVE-2022-27658 HIGH
SAP Innovation Management 2.0 - Missing Authorization
CVSS 7.5
CVE-2022-0833 MEDIUM
Church Admin WordPress Plugin < 3.4.135 - Unauthenticated Missing Authorization and CSRF via Refresh-Backup Action
CVSS 4.3
CVE-2022-27948 HIGH
Tesla Model 3, S, and X Firmware < 2022-03-26 - Unauthenticated Charging Port Opening via 315 MHz RF Signal
CVSS 7.2
CVE-2022-24768 CRITICAL
Argo CD <1.0.0 - Privilege Escalation
CVSS 9.9
CVE-2022-21718 LOW
Electron < 13.6.6 - Unauthenticated Bluetooth Device Access via Web Bluetooth API
CVSS 3.4
CVE-2022-0229 HIGH
miniOrange's Google Authenticator WordPress <5.5 - CSRF
CVSS 8.1
CVE-2022-27215 MEDIUM
Jenkins Release Helper Plugin < 1.3.3 - Server-Side Request Forgery via Missing Permission Check
CVSS 4.3
CVE-2022-27211 MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin < 2.3.1 - Missing Authorization for SSH Credential Capture
CVSS 6.5
CVE-2022-27209 MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin < 2.3.1 - Missing Authorization for Credential ID Enumeration
CVSS 6.5
CVE-2022-27205 MEDIUM
Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Server-Side Request Forgery via URL Connection
CVSS 4.3
CVE-2022-27199 MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 191.vcb_f183ce58b_9 - Missing Authorization
CVSS 4.3
CVE-2022-0932 MEDIUM
saleor < 3.1.2 - Missing Authorization
CVSS 6.5
CVE-2022-0871 CRITICAL
Gogs < 0.12.5 - Missing Authorization
CVSS 9.1
CVE-2022-26104 MEDIUM
SAP Financial Consolidation 10.1 - Privilege Escalation
CVSS 5.3
CVE-2022-26103 MEDIUM
SAP NetWeaver Application Server Java 7.50 - Missing Authorization
CVSS 5.3
CVE-2022-26102 MEDIUM
SAP NetWeaver Application Server ABAP 700, 701, 702, 731 - Authenticated Missing Authorization Check
CVSS 5.4
CVE-2022-20054 HIGH
Android - AT Command Injection via Missing Authorization
CVSS 7.8
CVE-2022-20053 HIGH
Android - Missing Authorization Leading to Local Privilege Escalation
CVSS 7.8
CVE-2022-20049 MEDIUM
Android - Missing Authorization in vpu
CVSS 6.7
CVE-2022-0905 HIGH
Gitea < 1.16.4 - Missing Authorization
CVSS 7.1
CVE-2022-0756 MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 6.5
CVE-2022-0755 MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,403
Exploit Likelihood High