Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-16553 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
network
low complexity
jenkins CWE-352
8.8
2019-12-17 CVE-2019-16551 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
8.8
2019-12-17 CVE-2019-16550 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
network
low complexity
jenkins CWE-352
8.8
2019-12-17 CVE-2017-18107 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crowd
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
2019-12-13 CVE-2014-0197 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CFME: CSRF protection vulnerability via permissive check of the referrer header
network
low complexity
redhat CWE-352
8.8
2019-12-12 CVE-2019-13930 Cross-Site Request Forgery (CSRF) vulnerability in Siemens XHQ 6.0.0.0
A vulnerability has been identified in XHQ (All versions < V6.0.0.2).
network
low complexity
siemens CWE-352
8.1
2019-12-12 CVE-2019-15934 Cross-Site Request Forgery (CSRF) vulnerability in Intesync Solismed 3.3
Intesync Solismed 3.3sp has CSRF.
network
low complexity
intesync CWE-352
8.8
2019-12-11 CVE-2019-0398 Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send an unintended request to the web server, leading to cross-site request forgery.
network
low complexity
sap CWE-352
8.8
2019-12-11 CVE-2014-0026 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0
katello-headpin is vulnerable to CSRF in REST API
network
low complexity
redhat CWE-352
6.5
2019-12-10 CVE-2019-4095 Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3