Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Adam Bannister 27 January 2023 at 16:48 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

“A far-reaching, catastrophic cyber event is likely in the next two years” according to 93% of cybersecurity experts and 86% of business leaders polled by the World Economic Forum (WEF).

Geopolitical instability and the enduring shortage of cybersecurity skills are making the situation more precarious and causing firms to rethink their presence in certain regions, revealed the WEF’s Global Cybersecurity Outlook 2023 report, which canvassed the views of 300 experts and C-suite executives.

In the meantime, we’re still seeing plenty of very, very bad cyber-attacks and breaches. Most recently, there’s been another mega breach at T-Mobile (37 million customers affected this time), the theft of source code and ensuing $10 million ransom demand from video games developer Riot Games, and the inadvertent exposure by an airline of the US government’s No Fly List, a roll call of suspected terrorists, from 2019.

The LastPass situation is also continuing to evolve following the November breach of its password vaults in November, with the latest update from the beleaguered password manager admitting that “a threat actor exfiltrated encrypted backups from a third-party cloud storage service”.

While rival services will no doubt spy an opportunity to grow their market share given the market leader’s reputational crash, the hack is also perhaps bringing unprecedented scrutiny to the hitherto highly regarded field. Indeed, The Daily Swig recently reported on how several popular password managers auto-filled credentials on untrusted websites, while Bitwarden responded to renewed criticism of its encryption scheme by enhancing its default security configuration.

A fruitful security audit of Git’s source code is another notable story we covered since the last edition of Deserialized.

Here are some more web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   OpenText / Critical / Pre-auth RCEs via cs.exe and Java frontend plus multiple post-authentication vulnerabilities / Disclosed with patch January 17
*   Rancher API / Critical / A patch rolled out in September 2022 failed to stop secrets, encryption keys, and SSH keys from being stored in plaintext directly on Kubernetes objects like Clusters / Disclosed and patched January 26
*   Tiki Tiki CMS / Critical / Unauthenticated attackers could execute arbitrary code by combining CSRF with PHP object injection in the popular open source, wiki-based CMS / Patched August 23, disclosed January 9
*   VMware vRealize Log Insight / Critical / Directory traversal, broken access control, deserialization, information disclosure vulnerabilities / Disclosed with patch January 24
*   Zoho manageEngine / Critical / PoC and in-the-wild exploitation raises the stakes regarding patching on premise Zoho ManageEngine products against this RCE vulnerability after a surfaced / Disclosed and patched October 27

**Research and attack techniques**

*   Vulnerabilities in popular open source health records and medical practice management platform OpenEMR allowed remote attackers to execute arbitrary system commands on any OpenEMR server and to steal sensitive patient data – and worse still, remote code execution (courtesy of Sonar)
*   Jerry Shah recounts how he found an API misconfiguration on a SwaggerUI endpoint in an unnamed web application on a private bug bounty program that leaked the authorization token from local storage
*   ChatGPT lowers the barriers to entry for threat actors with limited programming or technical skills, but state-backed miscreants are unlikely to gain operational efficiencies from the unnervingly sophisticated chatbot tool, according to Recorded Future
*   Maksym Yaremchuk – number 80 on HackerOne’s all-time leaderboard, no less – details a pair of critical severity account takeover exploits fashioned during an engagement with a private bug bounty program
*   GitHub researcher Man Yue Mo achieves arbitrary kernel code execution and root on a Google Pixel 6 mobile phone from an Android app

ChatGPT lowers the barriers to entry for cybercrime but is of little use to state-backed cybercrooks

**Bug bounty / vulnerability disclosure**

*   Security researchers can mathematically prove the existence of a software vulnerability without revealing details that in the wrong hands could lead to malicious exploitation, explains a recent New Scientist feature (paywall)
*   Intigriti has penned a blog post on the safe harbor clause for researchers created by the Belgian Act on the Protection of Whistleblowers
*   The Daily Swig recently reported on the upcoming third annual Hack The Pentagon challenge, CORS misconfigurations at Tesla and other, unnamed programs earning researchers a “few thousand dollars”, and Google Cloud Platform (GCP) project vulnerabilities netting researchers more than $22,000
*   Other recent writeups include a $3,000 bounty for a reflected XSS in Microsoft Forms, while Bug Bounty Switzerland’s inaugural ‘vulnerability of the month’ related to a time-limited private program and thousands of appliances exposed to the internet
*   Bug hunter interviews with British hacker and YouTuber ‘InsiderPhD’ and ‘TodayIsNew’ have been published by HackerOne and Bugcrowd, respectively

**New open source infosec/hacking tools**

*   Gato – or GitHub Attack Toolkit – evaluates the impact of compromised personal access tokens within GitHub development environments. Enables tracking of public repos that use self-hosted runners, which GitHub recommends are only deployed in private repos because otherwise “forks of your public repository can potentially run dangerous code on your self-hosted runner machine by creating a pull request that executes the code in a workflow”
*   Highlighter And Extractor (HaE) – Paris-based crowdsourced security platform YesWeHack has released a Burp Suite extension that collects, categorizes, and highlights requests and/or responses to help detect vulnerable code patterns, errors, reflections, and more in a passive enumeration process
*   PyCript – Another Burp Suite extension, this time allowing the bypassing of client-side encryption via custom logic for manual and automation testing with Python and NodeJS
*   SeeProxy – Golang reverse proxy with CobaltStrike malleable profile validation
*   CVE-2022-47966 Scanner – Assess your exposure to the critical RCE bug affecting at least 24 on-premise ManageEngine products and currently being actively exploited

**More industry news**

*   NIST trails potential updates (PDF) to the NIST Cybersecurity Framework and invites the infosec community to offer feedback
*   In other US federal agency news, the NSA issues IPv6 security guidance (PDF), CISA updates best practices for mapping to Mitre Attack Framework (PDF), and CISA, NSA, and MS-ISAC jointly warn (PDF) of malicious use of legitimate remote monitoring and management (RMM) software
*   Google documents progress on leveraging case randomization of DNS query names sent to authoritative nameservers in order to mitigate the impact of cache poisoning attacks
*   Google also follows through on its intention to drop TrustCor Systems as a root certificate authority (CA) for Chrome, confirming a timetable for ceasing to recognize its certificates
*   Cloud-based cyber-attacks jump 48% year on year as malicious hackers spy opportunities in digital transformation trend – Check Point report

PREVIOUS EDITION Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more

Deserialized web security roundup: ‘Catastrophic cyber events’, another T-Mobile breach, more LastPass problems

Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.

**README**

    

**Magento - Long Term Support**

This repository is the home of an **unofficial** community-driven project. It's goal is to be a dependable alternative to the Magento CE official releases which integrates improvements directly from the community while maintaining a high level of backwards compatibility to the official releases.

**Pull requests with bug fixes and security patches from the community are encouraged and welcome!**

**Table of contents**

*   Requirements
    *   Optional
*   Installation
    *   Manual Install
    *   Composer
    *   Git
*   Secure your installation
    *   Apache .htaccess
    *   Nginx
*   Changes
    *   Between Magento 1.9.4.5 and OpenMage 19.x
    *   Between OpenMage 19.4.18 / 20.0.16 and 19.4.19 / 20.0.17
    *   Since OpenMage 19.5.0 / 20.1.0
    *   New Config Options
    *   New Events
    *   Changes to SOAP/WSDL
*   Development Environment with ddev
*   Development with PHP 8.1
*   PhpStorm Factory Helper
*   Versioning
*   Public Communication
*   Maintainers
*   License
*   Contributors

**Requirements**

*   PHP 7.3+ (PHP 8.0 is supported, PHP 8.1 is work in progress)
    
*   MySQL 5.6+ (8.0+ recommended) or MariaDB
    
*   PHP extension intl since 1.9.4.19 & 20.0.17
    
*   Command patch 2.7+ (or gpatch on MacOS/HomeBrew) since 1.9.5.0 & 20.1.0
    

**Please be aware that although OpenMage is compatible that one or more extensions may not be.**

**Optional**

*   Redis 5+ (6.x recommended, latest verified compatible 6.0.7 with 20.x)

**Installation****Manual Install**

Download the latest release archive and extract it over your existing install. **Important:** you must download the ZIP file from a tagged version on the releases page, otherwise there will be missing dependencies.

**Composer**

Step 1: Create a new composer project:

composer init

Step 2: Configure composer. **The below options are required.** You can see all options here.

# Allow composer to apply patches to dependencies of magento-lts
composer config --json extra.enable-patching true

# Configure Magento core composer installer to use magento-lts as the Magento source package
composer config extra.magento-core-package-type magento-source

# Configure the root directory that magento-lts will be installed to, such as "pub", "htdocs", or "www"
composer config extra.magento-root-dir pub

Step 3: Require magento-core-composer-installer:

# PHP 7
composer require "aydin-hassan/magento-core-composer-installer":"~2.0.0"

# PHP 8
composer require "aydin-hassan/magento-core-composer-installer":"^2.1.0"

Note: be sure to select y if composer asks you to trust aydin-hassan/magento-core-composer-installer.

Step 4: Require magento-lts:

# OpenMage v19
composer require "openmage/magento-lts":"^19.4.0"

# OpenMage v20
composer require "openmage/magento-lts":"^20.0.0"

Note: be sure to select y if composer asks you to trust magento-hackathon/magento-composer-installer or cweagans/composer-patches.

To install the latest development version (may be unstable):

# OpenMage v19
composer require "openmage/magento-lts":"1.9.4.x-dev"

# OpenMage v20
composer require "openmage/magento-lts":"20.0.x-dev"

**Git**

If you want to contribute to the project:

git init
git remote add origin https://github.com/<YOUR GIT USERNAME\>/magento-lts
git pull origin main
git remote add upstream https://github.com/OpenMage/magento-lts
git pull upstream 1.9.4.x
git add -A && git commit

More Information

**Secure your installation**

Don't use common paths like /admin for OpenMage Backend URL. Don't use the path in _robots.txt_ and keep it secret. You can change it from Backend (System / Configuration / Admin / Admin Base Url) or by editing _app/etc/local.xml_:

<config\>
    <admin\>
        <routers\>
            <adminhtml\>
                <args\>
                    <frontName\><!\[CDATA\[admin\]\]></frontName\>
                </args\>
            </adminhtml\>
        </routers\>
    </admin\>
</config\>

Don't use common file names like api.php for OpenMage API URLs to prevent attacks. Don't use the new file name in _robots.txt_ and keep it secret with your partners. After renaming the file you must update the webserver configuration as follows:

**Apache .htaccess**

    RewriteRule ^api/rest api.php?type=rest [QSA,L]
    

**Nginx**

    rewrite ^/api/(\w+).*$ /api.php?type=$1 last;`
    

**Changes**

Most important changes will be listed here, all other changes since 19.4.0 can be found in release notes.

**Between Magento 1.9.4.5 and OpenMage 19.x**

*   bug fixes and PHP 7.x, 8.0 and 8.1 compatibility
*   added config cache for system.xml (#1916)
*   search for "NULL" in backend grids (#1203)
*   removed lib/flex containing unused ActionScript "file uploader" files (#2271)
*   Mage\_Catalog\_Model\_Resource\_Abstract::getAttributeRawValue() now returns '0' instead of false if the value stored in the database is 0 (#572)
*   removed modules:
    *   Mage_Backup (#2811)
    *   Mage_Compiler
    *   Mage_GoogleBase
    *   Mage_PageCache (#2258)
    *   Mage_Xmlconnect
    *   Phoenix_Moneybookers

_If you rely on those modules you can reinstall them with composer:_

*   Mage_Backup: composer require openmage/module-mage-backup
*   Mage_PageCache: composer require openmage/module-mage-pagecache

**Between OpenMage 19.4.18 / 20.0.16 and 19.4.19 / 20.0.17**

*   PHP extension intl is required

**Between OpenMage 19.x and 20.x**

Do not use 20.x.x if you need IE support.

*   removed IE conditional comments, IE styles, IE scripts and IE eot files (#1073)
*   removed frontend default themes (default, modern, iphone, german, french, blank, blue) (#1600)
*   fixed incorrect datetime in customer block ($useTimezone parameter) (#1525)
*   added redis as a valid option for global/session_save (#1513)
*   reduce needless saves by avoiding setting _hasDataChanges flag (#2066)
*   removed support for global/sales/old_fields_map defined in XML (#921)
*   enabled website level config cache (#2355)
*   make overrides of Mage\_Core\_Model\_Resource\_Db\_Abstract::delete respect parent api (#1257)

For full list of changes, you can compare tags.

**Since OpenMage 19.5.0 / 20.1.0**

Most of the 3rd party libraries/modules that were bundled in our repository were removed and migrated to composer dependencies. This allows for better maintenance and upgradability.

Specifically:

*   phpseclib, mcrypt_compat, Cm_RedisSession, Cm_Cache_Backend_Redis, Pelago_Emogrifier (#2411)
*   Zend Framework 1 (#2827)

If your project uses OpenMage through composer then all dependencies will be managed automatically.  
If you just extracted the release zip/tarball in your project's main folder then be sure to:

*   remove the old copy of aforementioned libraries from your project, you can do that with this command:
    
    rm -rf app/code/core/Zend lib/Cm lib/Credis lib/mcryptcompat lib/Pelago lib/phpseclib lib/Zend
    
*   download the new release zip file that is named openmage-VERSIONNUMBER.zip, this one is built to contain the vendor folder generated by composer, with all the dependencies in it
    
*   extract the zip file in your project's repository as you always did
    

We also decided to remove our Zend\_DB patches (that were stored in app/code/core/Zend) because they were very old and not compatible with the new implementations made by ZF1-Future, which is much more advanced and feature rich. This may generate a problem with \`Zend\_Db\_Select' statements that do not use 'Zend\_Db\_Expr' to quote expressions. If you see SQL errors after upgrading please remember to check for this specific issue in your code.

**New Config Options**

*   admin/design/use_legacy_theme
*   admin/global_search/enable
*   admin/emails/admin_notification_email_template
*   catalog/product_image/progressive_threshold
*   catalog/search/search_separator
*   dev/log/max_level
*   newsletter/security/enable_form_key
*   sitemap/category/lastmod
*   sitemap/page/lastmod
*   sitemap/product/lastmod

**New Events**

*   adminhtml_block_widget_form_init_form_values_after
*   adminhtml_block_widget_tabs_html_before
*   adminhtml_sales_order_create_save_before
*   checkout_cart_product_add_before
*   sitemap_cms_pages_generating_before
*   sitemap_urlset_generating_before

Full list of events

**Changes to SOAP/WSDL**

Since 19.4.17/20.0.15 we changed the targetNamespace of all the WSDL files (used in the API modules), from Magento to OpenMage. If your custom modules extends OpenMage's APIs with a custom WSDL file and there are some hardcoded targetNamespace="urn:Magento" strings, your APIs may stop working.

Please replace all occurrences of

    targetNamespace="urn:Magento"
    

with

    targetNamespace="urn:OpenMage"
    

or alternatively

    targetNamespace="urn:{{var wsdl.name}}"
    

to avoid any problem.

To find which files need the modification you can run this command from the root directory of your project.

grep -rn 'urn:Magento' --include \\\*.xml

**Development Environment with DDEV**

*   Install ddev
*   Clone the repository as described in installation (Git)
*   Create a ddev config, defaults should be good for you
    
    ddev config
    
*   Open .ddev/config.yaml and change the php version to your needs
*   Download and start the containers
    
    ddev start
    
*   Open your site in browser
    
    ddev launch
    

**Development with PHP 8.1**

Deprecation errors are supressed by default.

If you want to work on PHP 8.1 support, set environment variable DEV_PHP_STRICT to 1, to show all errors.

**PhpStorm Factory Helper**

This repo includes class maps for the core Magento files in .phpstorm.meta.php. To add class maps for installed extensions, you have to install N98-magerun and run command:

n98-magerun.phar dev:ide:phpstorm:meta

You can add additional meta files in this directory to cover your own project files. See PhpStorm advanced metadata for more information.

**Versioning**

Though Magento does **not** follow Semantic Versioning we aim to provide a workable system for dependency definition.

**Public Communication**

*   Discord (maintained by Flyingmana)

**Maintainers**

*   Daniel Fahlke
*   David Robinson
*   Fabrizio Balliano
*   Lee Saferite
*   Mohamed Elidrissi
*   Ng Kiat Siong
*   Sven Reichel
*   Tymoteusz Motylewski

**License**

*   OSL v3.0
*   AFL v3.0

**Contributors ✨**

Thanks goes to these wonderful people (emoji key):

  
**sv3n**

  
**Lee Saferite**

  
**Colin Mollenhour**

  
**David Robinson**

  
**Tymoteusz Motylewski**

  
**Daniel Fahlke**

  
**SNH\_NL**

  
**Marc Romano**

  
**Fabian Blechschmidt**

  
**Luboš Hubáček**

  
**Erik Dannenberg**

  
**Jeroen Boersma**

  
**Leandro F. L.**

  
**Kevin Krieger**

  
**Ng Kiat Siong**

  
**bob2021**

  
**Bastien Lamamy**

  
**Dmitry Furs**

  
**Robert Coleman**

  
**Milan Davídek**

  
**Matt Davenport**

  
**elfling**

  
**henrykb**

  
**Tony**

  
**Mark Lewis**

  
**Eric Sean Turner**

  
**Eric Seastrand**

  
**Tobias Schifftner**

  
**Simon Sprankel**

  
**Tom Lankhorst**

  
**shirtsofholland**

  
**sebastianwagner**

  
**Maxime Huran**

  
**Pepijn**

  
**manuperezgo**

  
**luigifab**

  
**Loek van Gool**

  
**kpitn**

  
**kalenjordan**

  
**IOWEB TECHNOLOGIES**

  
**Florent**

  
**dvdsndr**

  
**Vincent MARMIESSE**

  
**Lucas van Staden**

  
**zamoroka**

  
**wpdevteam**

  
**Wouter Samaey**

  
**Vova Yatsyuk**

  
**Trevor Hartman**

  
**Somewhere**

  
**Fabian Schmengler />**

  
**Roman Hutterer**

  
**Sergei Filippov**

  
**Sam Steele**

  
**Ricardo Velhote**

  
**Roy Duineveld**

  
**Roberto Sarmiento Pérez**

  
**Pierre Martin**

  
**Rafał Dołgopoł**

  
**Rafael Patro**

  
**Andreas Pointner**

  
**Paul Rodriguez**

  
**ollb**

  
**Nicholas Graham**

  
**Makis Palasis**

  
**Miguel Balparda**

  
**Mark van der Sanden**

  
**Micky Socaci**

  
**Marvin Sengera**

  
**Kostadin A.**

  
**Julien Loizelet**

  
**Jonas Hünig**

  
**Stefan Jaroschek**

  
**Jacques Bodin-Hullin**

  
**Wilhelm Ellmann**

  
**Edwin.**

  
**drago-aca**

  
**Daniel Niedergesäß**

  
**J Davis**

  
**Damien Biasotto**

  
**Daniel Corn**

  
**Paweł Cieślik**

  
**André Herrn**

  
**Pablo Benmaman**

  
**aterjung**

  
**altdovydas**

  
**Alisson Júnior**

  
**Alex Kirsch**

  
**Branden**

  
**Pof Magicfingers**

  
**Michael Thessel**

  
**Jonathan Laliberte**

  
**Ivan Chepurnyi**

  
**Igor**

  
**Elias Kotlyar**

  
**Hejty1**

  
**Gaelle**

  
**Frédéric MARTINEZ**

  
**Tobias Faust**

  
**AndresInSpace**

  
**Francesco Boes**

  
**Daniel Bachmann**

  
**Damian Luszczymak**

  
**Fabrizio Balliano**

  
**Jouriy**

  
**Digital Pianism**

  
**Justin Beaty**

  
**ADDISON**

  
**Aria Stewart**

  
**Dean Williams**

  
**Henry Hirsch**

  
**kdckrs**

  
**Martin René Sørensen**

  
**Frank Rochlitzer**

  
**AlterWeb**

  
**Caprico**

  
**David Windell**

  
**Dragan Atanasov**

  
**Eugene Lamskoy**

  
**Ferdinand**

  
**Himanshu**

  
**Jakub Idziak**

  
**Joseph Maxwell**

  
**Joshua Dickerson**

  
**Kevin Bortnick**

  
**Mehdi Chaouch**

  
**Mohamed ELIDRISSI**

  
**Justin van Elst**

  
**Nicholas Graham**

  
**Patrick Schnell**

  
**Patrick Cronin**

  
**Petr Švamberg**

  
**Rafael Corrêa Gomes**

  
**Ralf Siepker**

  
**Sunel Tr**

  
**Tom Klingenberg**

  
**Toon**

  
**WEXO team**

  
**Wilfried Wolf**

  
**akrzemianowski**

  
**andthink**

  
**eetzen**

  
**lemundo-team**

  
**mdlonline**

  
**Benjamin MARROT**

  
**Tino Mewes**

  
**Carsten Brandt**

  
**Enéias Ramos de Melo**

  
**Scott Moore**

  
**Roger Feese**

  
**Alexander Gelzer**

This project follows the all-contributors specification. Contributions of any kind welcome!

CVE-2021-21395: openmage/magento-lts - Packagist

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

**Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-wj79-9fxj-j86p: Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

**Cross-site request forgery in Jenkins Gerrit Trigger Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-95jq-24cr-pgrq: Cross-site request forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.

**Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-685j-36qx-3vp2: Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin 

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-24437

**Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

**Package**

maven org.jenkins-ci.plugins:jira-steps (Maven)

**Affected versions**

<= 2.0.165.v8846cf59f3db

Last updated

Jan 27, 2023

Published to the GitHub Advisory Database

Jan 26, 2023

Published by the National Vulnerability Database

Jan 26, 2023

GHSA-r3gm-jwf4-xgv2: Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

**CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-9jwh-qvg7-gr59: CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

**Cross-site request forgery vulnerability in Jenkins OpenID Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-96jv-c7m6-q43g: Cross-site request forgery vulnerability in Jenkins OpenID Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

**CSRF vulnerability in Jenkins TestQuality Updater Plugin**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

GHSA-px2f-cqrf-f2qg: CSRF vulnerability in Jenkins TestQuality Updater Plugin 

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.

Tag

#csrf