Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-41232 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build-Publisher A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | 8.0 |
| 2022-09-21 | CVE-2022-41236 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Security Inspector A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | 8.8 |
| 2022-09-21 | CVE-2022-41245 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41249 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCM Httpclient A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41253 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cons3Rt 1.0.0 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-20 | CVE-2022-23685 | Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. | 8.8 |
| 2022-09-20 | CVE-2022-35196 | Cross-Site Request Forgery (CSRF) vulnerability in Testlink 1.9.20 TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | 8.8 |
| 2022-09-13 | CVE-2022-38329 | Cross-Site Request Forgery (CSRF) vulnerability in Shopxian CMS 3.0.0 An issue was discovered in Shopxian CMS 3.0.0. | 4.3 |
| 2022-09-13 | CVE-2022-40623 | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | 8.8 |
| 2022-09-13 | CVE-2022-32555 | Cross-Site Request Forgery (CSRF) vulnerability in Unisys Data Exchange Management Studio 6.0.Ic1/7.0 Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. | 8.8 |