Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-06 | CVE-2019-1003017 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB Import A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | 5.3 |
| 2019-02-06 | CVE-2019-1003016 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB Import An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-02-06 | CVE-2019-1003012 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. | 6.5 |
| 2019-02-06 | CVE-2019-1003010 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. | 4.3 |
| 2019-02-06 | CVE-2019-1003008 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings Next Generation A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 |
| 2019-02-06 | CVE-2019-1003007 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 |
| 2019-02-04 | CVE-2019-1000022 | Cross-Site Request Forgery (CSRF) vulnerability in Taoensso Sente Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. | 8.8 |
| 2019-02-04 | CVE-2019-1000003 | Cross-Site Request Forgery (CSRF) vulnerability in Mapsvg Lite 3.2.3 MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. | 8.8 |
| 2019-02-04 | CVE-2019-7346 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | 8.8 |
| 2019-02-01 | CVE-2019-3604 | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. | 8.8 |