Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2021-21395: openmage/magento-lts - Packagist

Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.

CVE
Open in Source
#sql#csrf#web#mac#google#apache#redis#js#git#php#nginx#dell
GHSA-wj79-9fxj-j86p: Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

GHSA-685j-36qx-3vp2: Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.

GHSA-px2f-cqrf-f2qg: CSRF vulnerability in Jenkins TestQuality Updater Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

GHSA-9jwh-qvg7-gr59: CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

GHSA-r3gm-jwf4-xgv2: Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

GHSA-95jq-24cr-pgrq: Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

GHSA-96jv-c7m6-q43g: Cross-site request forgery vulnerability in Jenkins OpenID Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

CVE-2023-24435: Jenkins Security Advisory 2023-01-24

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-24433: Jenkins Security Advisory 2023-01-24

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.