Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-04 | CVE-2019-1003084 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Zephyr Enterprise Test Management A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003082 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gearman A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003080 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openshift Deployer A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003078 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins VMWare LAB Manager Slaves A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003076 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Audit to Database A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003058 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins FTP Publisher A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-03 | CVE-2019-10673 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. | 8.8 |
| 2019-04-02 | CVE-2018-1622 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Privileged Identity Manager 2.1.1 IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-04-01 | CVE-2014-7198 | Cross-Site Request Forgery (CSRF) vulnerability in Openmicroscopy Omero OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection. | 8.8 |
| 2019-03-30 | CVE-2019-10644 | Cross-Site Request Forgery (CSRF) vulnerability in Hyphp Hybbs 2.2 An issue was discovered in HYBBS 2.2. | 8.8 |