CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-10445 MEDIUM
Jenkins Google Kubernetes Engine Plugin < 0.7.0 - Missing Authorization
CVSS 4.3
CVE-2019-10442 MEDIUM
Jenkins iceScrum < 1.1.5 - Missing Authorization for URL Connection
CVSS 4.3
CVE-2019-10439 MEDIUM
Jenkins CRX Content Package Deployer Plugin < 1.8.1 - Credential ID Enumeration
CVSS 4.3
CVE-2019-10438 MEDIUM
Jenkins CRX Content Package Deployer < 1.8.1 - Missing Authorization for Credential Capture via URL Connection
CVSS 6.5
CVE-2019-12944 HIGH
Glue Smart Lock Firmware 2.7.8 - Missing Authorization
CVSS 7.5
CVE-2019-2110 MEDIUM
Android 9 - Unauthenticated Secure Screen Capture via ScreenRotationAnimation
CVSS 5.5
CVE-2019-0367 MEDIUM
SAP NetWeaver Process Integration - Missing Authorization Check for B2B Table Content Import
CVSS 4.3
CVE-2019-17055 LOW
Linux Kernel < 5.3.2 - Unauthenticated Missing Authorization in AF_ISDN Socket Creation
CVSS 3.3
CVE-2019-9380 MEDIUM
Android 10 - Unauthenticated Permission Spoofing in Settings UI
CVSS 6.5
CVE-2019-9377 LOW
Android 10 - Unauthenticated Local Information Disclosure via FingerprintService
CVSS 3.3
CVE-2019-9351 LOW
Android 10 - Missing Authorization in SyncStatusObserver
CVSS 3.3
CVE-2019-9323 MEDIUM
Android 10 - Unauthenticated Information Disclosure via Wallpaper Manager Service
CVSS 5.3
CVE-2019-9295 HIGH
Android 10 - Missing Authorization in com.android.apps.tag
CVSS 7.8
CVE-2019-9263 HIGH
Android 10 - Local Privilege Escalation via Telephony Permission Bypass
CVSS 7.8
CVE-2019-16738 MEDIUM
MediaWiki <1.33.0 - Info Disclosure
CVSS 5.3
CVE-2019-10409 MEDIUM
Jenkins Project Inheritance Plugin < 19.08.01 - Missing Authorization
CVSS 4.3
CVE-2019-15723 MEDIUM
GitLab 11.9.4-11.10.1 - Missing Authorization via Merge Request Email Creation
CVSS 5.3
CVE-2019-15030 MEDIUM
Linux Kernel < 5.2.14 - Unauthenticated Information Disclosure via PowerPC Vector Register Access
CVSS 4.4
CVE-2019-16236 HIGH
dino < 0.1.0 - Missing Authorization in Roster Push
CVSS 7.5
CVE-2019-14995 MEDIUM
Jira Server 7.6.0-8.3.9 - Unauthenticated Information Disclosure via Attachment Existence Check
CVSS 5.3
CVE-2019-12942 MEDIUM
TTLock - Missing Authorization
CVSS 6.5
CVE-2019-5463 MEDIUM
GitLab 11.11.0-11.11.6 - Missing Authorization in CI Badge Images Endpoint
CVSS 5.3
CVE-2019-16124 CRITICAL
YouPHPTube < 7.4 - Unauthenticated Arbitrary File Write via checkConfiguration.php
CVSS 9.8
CVE-2019-16097 MEDIUM
Harbor 1.7.0-1.8.2 - Privilege Escalation
CVSS 6.5
CVE-2019-15954 CRITICAL
Total.js CMS 12.0.0 - Authenticated RCE
CVSS 9.9
Details
Vulnerabilities 8,421
Exploit Likelihood High