Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-26 | CVE-2023-24437 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jira Pipeline Steps 2.0.165.V8846Cf59F3Db | A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2023-01-26 | CVE-2023-24446 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | 8.8 |
2023-01-26 | CVE-2023-24447 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rabbitmq Consumer 2.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | 8.8 |
2023-01-26 | CVE-2023-24452 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Testquality Updater 1.1/1.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 8.8 |
2023-01-26 | CVE-2023-24457 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication 2.3.0 | A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | 6.5 |
2023-01-26 | CVE-2023-24458 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bearychat | A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
2023-01-23 | CVE-2022-37719 | Cross-Site Request Forgery (CSRF) vulnerability in Edgenexus Application Delivery Controller 4.2.8 | A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 8.8 |
2023-01-23 | CVE-2022-4548 | Cross-Site Request Forgery (CSRF) vulnerability in Imageseo Optimize Images ALT Text (Alt Tag) & Names for SEO Using AI | The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 6.5 |
2023-01-18 | CVE-2022-45127 | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. | 8.1 |
2023-01-17 | CVE-2023-22286 | Cross-Site Request Forgery (CSRF) vulnerability in Ate-Mahoroba products | Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | 8.1 |