Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-34789 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Matrix Reloaded
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.
network
low complexity
jenkins CWE-352
6.5
6.5
2022-06-30 CVE-2022-34792 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Recipe 1.0/1.1/1.2
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
network
low complexity
jenkins CWE-352
8.0
8.0
2022-06-30 CVE-2022-34797 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Deployment Dashboard
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34812 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34815 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34817 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-29 CVE-2017-20120 Cross-Site Request Forgery (CSRF) vulnerability in Trueconf Server 4.3.7.12219/4.3.7.12255
A vulnerability classified as problematic was found in TrueConf Server 4.3.7.
network
low complexity
trueconf CWE-352
8.8
8.8
2022-06-28 CVE-2022-31886 Cross-Site Request Forgery (CSRF) vulnerability in Marvalglobal Marval MSM 14.19.0.12476
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
marvalglobal CWE-352
6.5
6.5
2022-06-28 CVE-2022-34134 Cross-Site Request Forgery (CSRF) vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
network
low complexity
jorani CWE-352
8.8
8.8
2022-06-27 CVE-2022-1625 Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts NEW User Approve
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
network
low complexity
wpexperts CWE-352
4.3
4.3