CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,421 vulnerabilities with CWE-862
CVE-2019-11610 HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via downloaddir.php
CVSS 7.5
CVE-2019-11609 HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via movefile.php
CVSS 8.2
CVE-2019-11608 HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via /fileman/php/renamefile.php
CVSS 8.2
CVE-2019-11607 HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copydir.php
CVSS 7.5
CVE-2019-11606 HIGH
doorgets_cms 7.0 - Unauthenticated Sensitive Information Disclosure via copyfile.php
CVSS 7.5
CVE-2019-3399 HIGH
Jira <7.13.2 and 8.0.0-8.0.2 - Unauthenticated Information Disclosure via BrowseProjects.jspa
CVSS 7.5
CVE-2019-10312 MEDIUM
Jenkins Ansible Tower Plugin <= 0.9.1 - Missing Authorization in TowerInstallation Descriptor
CVSS 4.3
CVE-2019-10311 HIGH
Jenkins Ansible Tower Plugin < 0.9.1 - Missing Authorization in TowerInstallation Connection Test
CVSS 8.8
CVE-2019-10308 MEDIUM
Jenkins Static Analysis Utilities < 1.95 - Missing Authorization in DefaultGraphConfigurationView#doSave
CVSS 6.5
CVE-2019-2026 HIGH
Android <8.0 - Privilege Escalation
CVSS 7.8
CVE-2019-10305 MEDIUM
Jenkins XebiaLabs XL Deploy Plugin < 7.5.3 - Missing Authorization in Credential Validation
CVSS 6.5
CVE-2019-10301 HIGH
Jenkins GitLab Plugin < 1.5.11 - Missing Authorization in Connection Test
CVSS 8.8
CVE-2019-9224 MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Missing Authorization
CVSS 5.3
CVE-2019-9171 LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
CVSS 3.7
CVE-2019-9974 CRITICAL
DASAN H660RM Firmware 1.03-0022 - Unauthenticated Command Execution via diag_tool.cgi
CVSS 9.1
CVE-2019-0279 HIGH
SAP BASIS - Authenticated Privilege Escalation via ABAP Function Modules
CVSS 8.8
CVE-2019-10868 MEDIUM
Tryton 4.2.0-4.2.20, 4.4.0-4.4.18, 4.6.0-4.6.13, 4.8.0-4.8.9, 5.0.0-5.0.5 - Missing Authorization in Model Storage
CVSS 6.5
CVE-2019-3886 MEDIUM
libvirt >=4.8.0 <5.3.0 - Missing Authorization for Guest Agent APIs
CVSS 5.4
CVE-2019-10293 MEDIUM
Jenkins Kmap Plugin - Missing Authorization in Form Validation Methods
CVSS 6.5
CVE-2019-10290 MEDIUM
Jenkins Netsparker Cloud Scan Plugin < 1.1.5 - Missing Authorization in NCScanBuilder Descriptor Validation
CVSS 6.5
CVE-2019-10279 MEDIUM
Jenkins Reviewbot Plugin - Missing Authorization in Test Connection Form Validation
CVSS 6.5
CVE-2019-1003099 MEDIUM
Jenkins openid < 2.3 - Missing Authorization in OpenIdSsoSecurityRealm Descriptor Validation
CVSS 6.5
CVE-2019-1003093 MEDIUM
Jenkins Nomad Plugin - Privilege Escalation
CVSS 6.5
CVE-2019-1003091 MEDIUM
Jenkins SOASTA CloudTest Plugin - Privilege Escalation
CVSS 6.5
CVE-2019-1003087 MEDIUM
Jenkins Chef Sinatra Plugin - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities 8,421
Exploit Likelihood High