A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page, but that control is not done for the pages routes/adminPanelComments.py and routes/adminPanelPosts.py. Thus, an unauthorized user can bypass the intended restrictions, leaking sensitive data and accessing the following pages: /admin/posts, /adminpanel/posts, /admin/comments, and /adminpanel/comments.
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. An LTI tool submits scores to the edX platform for line items. The code that uploads that score to the LMS grade tables determines which XBlock to upload the grades for by reading the resource_link_id field of the associated line item. The LTI tool may submit any value for the resource_link_id field, allowing a malicious LTI tool to submit scores for any LTI XBlock on the platform. The impact is a loss of integrity for LTI XBlock grades. This issue is patched in 7.2.2. No workarounds exist.
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.
Missing Authorization vulnerability in WPExpertsio New User Approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through 2.6.2.
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35.
GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1.
Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through 6.0.
Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2.
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.
Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5.
Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5.
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.