Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-25198 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCP Publisher 1.8
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25200 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Checkmarx
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25205 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Dbcharts 0.4/0.5.2
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25207 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-25212 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Swamp
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
8.8
2022-02-15 CVE-2022-23384 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
network
low complexity
yzmcms CWE-352
8.8
8.8
2022-02-15 CVE-2021-43941 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Data Center and Jira Server
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin.
network
low complexity
atlassian CWE-352
6.5
6.5
2022-02-15 CVE-2021-43953 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint.
network
low complexity
atlassian CWE-352
4.3
4.3
2022-02-15 CVE-2021-43952 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira Server
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint.
network
low complexity
atlassian CWE-352
4.3
4.3
2022-02-11 CVE-2020-13674 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
network
low complexity
drupal CWE-352
6.5
6.5