Total
4636 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38512 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL. | |||||
| CVE-2022-38370 | 1 Apache | 1 Iotdb | 2024-11-21 | N/A | 7.5 HIGH |
| Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. | |||||
| CVE-2022-38367 | 1 Netic | 1 User Export For Jira | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. | |||||
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | |||||
| CVE-2022-38141 | 1 Zorem | 1 Sales Report Email For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | |||||
| CVE-2022-38057 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | |||||
| CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2024-11-21 | N/A | 8.1 HIGH |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | |||||
| CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | |||||
| CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36913 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36910 | 1 Jenkins | 1 Lucene-search | 2024-11-21 | N/A | 5.4 MEDIUM |
| Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. | |||||
| CVE-2022-36909 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | |||||
| CVE-2022-36907 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2022-36904 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36903 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36898 | 1 Jenkins | 1 Compuware Ispw Operations | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36897 | 1 Jenkins | 1 Compuware Xpediter Code Coverage | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||