Total: 904 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2020-08-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | |||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2020-08-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-14319 | 1 Redhat | 2 Amq Online, Enmasse | 2020-08-12 | 4.0 MEDIUM | 5.9 MEDIUM |
| It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or are bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2. | |||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2020-08-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | |||||
| CVE-2020-12626 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2020-07-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |||||
| CVE-2020-5767 | 1 Icegram | 1 Email Subscribers & Newsletters | 2020-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2018-10232 | 1 Topdesk | 1 Topdesk | 2020-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-2203 | 1 Jenkins | 1 Fortify On Demand | 2020-07-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | |||||
| CVE-2020-15700 | 1 Joomla | 1 Joomla! | 2020-07-15 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. | |||||
| CVE-2020-15695 | 1 Joomla | 1 Joomla! | 2020-07-15 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. | |||||
| CVE-2020-10986 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2020-07-15 | 7.1 HIGH | 6.5 MEDIUM |
| A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. | |||||
| CVE-2019-20405 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-20098 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-20099 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-20100 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-13 | 4.3 MEDIUM | 4.7 MEDIUM |
| The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. | |||||
| CVE-2019-18677 | 3 Canonical, Fedoraproject, Squid-cache | 3 Ubuntu Linux, Fedora, Squid | 2020-07-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | |||||
| CVE-2019-20415 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0. | |||||
| CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2020-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. | |||||
| CVE-2019-20411 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | |||||
| CVE-2020-15043 | 1 Iball | 2 Wrb303n, Wrb303n Firmware | 2020-07-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. | |||||
| CVE-2020-4040 | 1 Boltcms | 1 Bolt | 2020-07-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to the lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1. | |||||
| CVE-2020-13157 | 1 Nukeviet | 1 Nukeviet | 2020-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. | |||||
| CVE-2020-13156 | 1 Nukeviet | 1 Nukeviet | 2020-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. | |||||
| CVE-2020-13426 | 1 Bdtask | 1 Multi-scheduler | 2020-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. | |||||
| CVE-2016-11084 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | |||||
| CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003090 | 1 Jenkins | 1 Soasta Cloudtest | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003086 | 1 Jenkins | 1 Chef Sinatra | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003084 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003082 | 1 Jenkins | 1 Gearman | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003080 | 1 Jenkins | 1 Openshift Deployer | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003078 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003076 | 1 Jenkins | 1 Audit To Database | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003058 | 1 Jenkins | 1 Ftp Publisher | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003046 | 1 Jenkins | 1 Fortify On Demand Uploader | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003098 | 1 Jenkins | 1 Openid | 2020-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2020-11682 | 1 Castel | 2 Nextgen Dvr, Nextgen Dvr Firmware | 2020-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface and included in requests sent by the web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will still succeed. | |||||
| CVE-2020-13868 | 1 Verbb | 1 Comments | 2020-06-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. | |||||
| CVE-2020-13231 | 1 Cacti | 1 Cacti | 2020-06-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | |||||
| CVE-2020-2192 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2020-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | |||||
| CVE-2020-13416 | 1 Aviatrix | 1 Controller | 2020-05-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. | |||||
| CVE-2020-4286 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2020-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. | |||||
| CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2020-05-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | |||||
| CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2020-05-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | |||||
| CVE-2020-12462 | 1 Ninjaforms | 1 Ninja Forms | 2020-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | |||||
| CVE-2016-11055 | 1 Netgear | 26 Cm400, Cm400 Firmware, Cm600 and 23 more | 2020-05-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11. | |||||
| CVE-2020-3261 | 1 Cisco | 34 6300 Series Access Points, 6300 Series Access Points Firmware, Aironet 1542d and 31 more | 2020-04-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user. | |||||
| CVE-2018-20872 | 1 I-lan | 1 Draytekl Firmware | 2020-04-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. | |||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
