Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

OpenStack Horizon Missing Validation

OpenStack Horizon fails to validate the token provided during a SAML request allowing an attacker to forge a REFERER for redirection.

Packet Storm
#csrf#web#mac#js#git#auth#ssl
CVE-2022-26954: [CVE-2022-26954] Multiple Open Redirects in NopCommerce

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.

GHSA-g66m-fqxf-3w35: Jenkins Pipeline: Input Step Plugin vulnerable to Inappropriate Encoding for Output Context

Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the `input` step, which is used for the URLs that process user interactions for the given `input` step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from `input` step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. Pipeline: Input Step Plugin 456.vd8a_957db_5b_e9 limits the characters that can be used for the ID of input steps in Pipelines to alphanumeric characters and URL-safe punctuation. Pipelines with input steps having IDs with prohibited characters will fail with an error.

GHSA-x8j7-vxh9-p67g: Jenkins Katalon Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Katalon Plugin 1.0.34 requires POST requests for the affected HTTP endpoints.

GHSA-g975-f26h-93g8: Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of `input` steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify `input` step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. Pipeline: Stage View Plugin 2.27 correctly encodes the ID of input steps when using it to generate URLs to proceed or abort Pipeline builds.

CVE-2022-43413: Jenkins Security Advisory 2022-10-19

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-43407: Jenkins Security Advisory 2022-10-19

Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with.

CVE-2022-43423: Jenkins Security Advisory 2022-10-19

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

CVE-2022-43427: Jenkins Security Advisory 2022-10-19

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-43417: Jenkins Security Advisory 2022-10-19

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.