CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,407 vulnerabilities with CWE-862
CVE-2022-20049 MEDIUM
Android - Missing Authorization in vpu
CVSS 6.7
CVE-2022-0905 HIGH
Gitea < 1.16.4 - Missing Authorization
CVSS 7.1
CVE-2022-0756 MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 6.5
CVE-2022-0755 MEDIUM
GitHub salesagility/suitecrm <7.12.5 - Info Disclosure
CVSS 4.3
CVE-2022-0163 MEDIUM
Smart Forms WordPress <2.6.71 - Info Disclosure
CVSS 6.5
CVE-2022-23709 MEDIUM
Kibana 7.7.0-7.17.0 - Authenticated Alert Rule Modification via Uptime Feature
CVSS 4.3
CVE-2022-0492 HIGH KEV
Docker cgroups Container Escape
CVSS 7.8
CVE-2022-0345 MEDIUM
Customize WordPress Emails and Alerts <1.8.7 - CSRF
CVSS 4.3
CVE-2022-24594 MEDIUM
waline 1.6.1 - Missing Authorization via X-Forwarded-For Header
CVSS 5.3
CVE-2022-0726 MEDIUM
GitHub chocobozzz/peertube <4.1.0 - Info Disclosure
CVSS 5.4
CVE-2022-0164 MEDIUM
Coming soon and Maintenance mode < 3.5.3 - Authenticated Arbitrary Email Sending via coming_soon_send_mail AJAX Action
CVSS 4.3
CVE-2022-23642 HIGH
Sourcegraph gitserver sshCommand RCE
CVSS 8.8
CVE-2022-0543 CRITICAL KEV
Redis Lua Sandbox Escape
CVSS 10.0
CVE-2022-0611 MEDIUM
Packagist snipe/snipe-it <5.3.11 - Info Disclosure
CVSS 6.3
CVE-2022-25211 HIGH
Jenkins SWAMP Plugin < 1.2.6 - Missing Authorization for Web Server Connection
CVSS 8.8
CVE-2022-25208 HIGH
Jenkins Chef Sinatra Plugin < 1.20 - Server-Side Request Forgery via XML Response Parsing
CVSS 8.8
CVE-2022-25206 HIGH
Jenkins dbCharts < 0.5.2 - Missing Authorization for JDBC Database Connection
CVSS 8.8
CVE-2022-25201 MEDIUM
Jenkins Checkmarx Plugin < 2022.1.2 - Missing Authorization
CVSS 6.5
CVE-2022-25199 HIGH
Jenkins SCP publisher < 1.8 - Missing Authorization for SSH Server Connection
CVSS 8.8
CVE-2022-25195 MEDIUM
Jenkins autonomiq < 1.15 - Missing Authorization for URL Connection
CVSS 4.3
CVE-2022-25193 MEDIUM
Jenkins Snow Commander Plugin < 1.10 - Missing Authorization for Credential Capture
CVSS 6.5
CVE-2022-25190 MEDIUM
Jenkins Conjur Secrets Plugin < 1.0.11 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-0588 HIGH
Packagist librenms/librenms <22.2.0 - Info Disclosure
CVSS 7.1
CVE-2022-0579 MEDIUM
Packagist snipe/snipe-it <5.3.9 - Info Disclosure
CVSS 6.5
CVE-2022-22854 HIGH
Hospital Patient Record Management System 1.0 - Missing Authorization in User List Management
CVSS 8.8
Details
Vulnerabilities 8,407
Exploit Likelihood High