Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-34780 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xebialabs XL Release
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
6.5
6.5
2022-06-30 CVE-2022-34789 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Matrix Reloaded
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.
network
low complexity
jenkins CWE-352
6.5
6.5
2022-06-30 CVE-2022-34792 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Recipe 1.0/1.1/1.2
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
network
low complexity
jenkins CWE-352
8.0
8.0
2022-06-30 CVE-2022-34797 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Deployment Dashboard
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34812 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34815 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-30 CVE-2022-34817 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs.
network
low complexity
jenkins CWE-352
4.3
4.3
2022-06-29 CVE-2017-20120 Cross-Site Request Forgery (CSRF) vulnerability in Trueconf Server 4.3.7.12219/4.3.7.12255
A vulnerability classified as problematic was found in TrueConf Server 4.3.7.
network
low complexity
trueconf CWE-352
8.8
8.8
2022-06-28 CVE-2022-31886 Cross-Site Request Forgery (CSRF) vulnerability in Marvalglobal Marval MSM 14.19.0.12476
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
marvalglobal CWE-352
6.5
6.5
2022-06-28 CVE-2022-34134 Cross-Site Request Forgery (CSRF) vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
network
low complexity
jorani CWE-352
8.8
8.8