CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-20609 MEDIUM
Samsung Android P(9.0) - Unauthorized Secure Folder Notification Content Access via Smartwatch
CVSS 6.5
CVE-2019-20599 HIGH
Samsung Android N(7.x)-P(9.0) - Missing Authorization in Voice Assistant Notification Handling
CVSS 7.5
CVE-2019-20555 MEDIUM
Samsung Android Gallery - Unauthenticated Picture Access on Locked Device
CVSS 5.3
CVE-2019-12498 CRITICAL
3cx Live Chat < 8.0.33 - Missing Authorization via REST API
CVSS 9.8
CVE-2019-18581 HIGH
Dell EMC Data Protection Advisor <19.1-6.5 - Command Injection
CVSS 7.2
CVE-2019-14883 MEDIUM
Moodle 3.6-3.6.6 and 3.7-3.7.2 - Missing Authorization for Inline Email Attachment Access
CVSS 5.3
CVE-2019-20407 MEDIUM
Jira Software 8.4.1-8.5.3 Authenticated Information Disclosure
CVSS 4.3
CVE-2019-19937 HIGH
JFrog Artifactory < 6.18 - Missing Authorization for System and Repository Imports
CVSS 7.2
CVE-2019-19989 HIGH
Selesta Visual Access Manager 4.15.0-4.29.0 - Missing Authorization
CVSS 7.5
CVE-2019-5470 HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Missing Authorization in Security Dashboard
CVSS 7.5
CVE-2019-19802 MEDIUM
Gallagher Command Centre < 7.70 - Authenticated Missing Authorization via OPCUA
CVSS 6.5
CVE-2019-11761 MEDIUM
Firefox < 70, Thunderbird < 68.2, Firefox ESR < 68.2 - CSRF
CVSS 5.4
CVE-2019-19985 MEDIUM
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated File Download and User Information Disclosure
CVSS 5.3
CVE-2019-19899 CRITICAL
Pebble Templates < 3.1.4 - Missing Authorization via Class.forName Bypass
CVSS 9.8
CVE-2019-15576 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
CVSS 7.5
CVE-2019-15013 MEDIUM
Jira < 7.13.12, 8.0.0-8.4.3, 8.5.0-8.5.2 - Authenticated Missing Authorization in WorkflowResource
CVSS 4.3
CVE-2019-16576 MEDIUM
Jenkins Alauda Kubernetes Suport Plugin <2.3.0 - SSRF
CVSS 6.5
CVE-2019-16574 MEDIUM
Jenkins Alauda DevOps Pipeline Plugin <2.3.2 - SSRF
CVSS 6.5
CVE-2019-16571 MEDIUM
Jenkins RapidDeploy Plugin <4.1 - DoS
CVSS 4.3
CVE-2019-16567 MEDIUM
Jenkins Team Concert Plugin <1.3.0 - Info Disclosure
CVSS 4.3
CVE-2019-16566 MEDIUM
Jenkins Team Concert Plugin <1.3.0 - SSRF
CVSS 6.5
CVE-2019-15932 CRITICAL
Intesync Solismed 3.3sp - Info Disclosure
CVSS 9.8
CVE-2019-19604 HIGH
Git <2.20.2-2.24.1 - Command Injection
CVSS 7.8
CVE-2019-13748 MEDIUM
Google Chrome <79.0.3945.79 - Info Disclosure
CVSS 6.5
CVE-2019-2229 MEDIUM
Android 8.0-10 - Unauthenticated Local Information Disclosure via BaseWidgetProvider
CVSS 5.5
Details
Vulnerabilities 8,421
Exploit Likelihood High