Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-12-19 | CVE-2019-17633 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE | For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. | network | low | eclipse | CWE-352 | 8.8 |
| 2019-12-18 | CVE-2019-19833 | Cross-Site Request Forgery (CSRF) vulnerability in Tautulli 2.1.9 | In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. | network | low | tautulli | CWE-352 | 6.5 |
| 2019-12-18 | CVE-2019-19832 | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Altalink C8035 Firmware | Xerox AltaLink C8035 printers allow CSRF. | network | low | xerox | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-11657 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Logger 6.61 | Cross-Site Request Forgery vulnerability in Micro Focus ArcSight Logger, affecting all product versions below version 7.0. | network | low | microfocus | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-16575 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Alauda Kubernetes Support | A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | network | low | jenkins | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-16573 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Alauda Devops Pipeline | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low | jenkins | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-16570 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rapiddeploy | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | network | low | jenkins | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-16569 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mantis | A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | network | low | jenkins | CWE-352 | 4.3 |
| 2019-12-17 | CVE-2019-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Concert | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low | jenkins | CWE-352 | 8.8 |
| 2019-12-17 | CVE-2019-16560 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Websphere Deployer | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | network | low | jenkins | CWE-352 | 8.8 |