Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-05-16 | CVE-2023-32991 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. | 8.8 |
2023-05-16 | CVE-2023-32995 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | 8.8 |
2023-05-16 | CVE-2023-32998 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Appspider | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | 8.8 |
2023-05-16 | CVE-2023-33003 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins TAG Profiler | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | 4.3 |
2023-05-16 | CVE-2023-33006 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Wso2 Oauth | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.4 |
2023-05-16 | CVE-2023-32978 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lightweight Directory Access Protocol | A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | 4.3 |
2023-05-16 | CVE-2023-32980 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Email Extension | A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | 4.3 |
2023-05-16 | CVE-2023-32987 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth | A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | 8.8 |
2023-05-16 | CVE-2023-32989 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure VM Agents | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | 8.8 |
2023-05-15 | CVE-2023-0763 | Cross-Site Request Forgery (CSRF) vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management | The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have a CSRF check when deleting Holidays, which could allow attackers to make logged-in admins delete arbitrary holidays via a CSRF attack. | 4.3 |