Vulnerabilities (CVE)

Filtered by CWE-862
Total 857 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32477 1 Moodle 1 Moodle 2022-07-02 4.0 MEDIUM 4.3 MEDIUM
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.
CVE-2022-1521 1 Illumina 8 Iseq 100, Local Run Manager, Miniseq and 5 more 2022-07-01 6.4 MEDIUM 9.1 CRITICAL
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
CVE-2022-34813 2022-06-30 N/A N/A
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.
CVE-2022-34785 2022-06-30 N/A N/A
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.
CVE-2022-34798 2022-06-30 N/A N/A
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2022-34810 2022-06-30 N/A N/A
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-34779 2022-06-30 N/A N/A
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-34781 2022-06-30 N/A N/A
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-34794 2022-06-30 N/A N/A
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2022-34818 2022-06-30 N/A N/A
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs.
CVE-2022-34811 2022-06-30 N/A N/A
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page.
CVE-2022-34208 1 Jenkins 1 Beaker Builder 2022-06-30 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34206 1 Jenkins 1 Jianliao Notification 2022-06-30 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.
CVE-2022-34204 1 Jenkins 1 Easyqa 2022-06-30 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVE-2022-34210 1 Jenkins 1 Threadfix 2022-06-29 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34212 1 Jenkins 1 Vrealize Orchestrator 2022-06-29 3.5 LOW 5.7 MEDIUM
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34201 1 Jenkins 1 Convertigo Mobile Platform 2022-06-29 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2022-34180 1 Jenkins 1 Embeddable Build Status 2022-06-29 5.0 MEDIUM 7.5 HIGH
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
CVE-2021-37764 1 Xos-shop 1 Xos Shop System 2022-06-28 5.5 MEDIUM 8.1 HIGH
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php.
CVE-2021-46820 1 Xos-shop 1 Xos Shop System 2022-06-28 5.5 MEDIUM 8.1 HIGH
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php