Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-01-26 | CVE-2023-24432 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Orka by MacStadium | A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24434 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder | A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24437 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps 2.0.165.v8846cf59f3db | A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24446 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins OpenID | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24447 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer 2.8 | A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24452 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins TestQuality Updater 1.1/1.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-26 | CVE-2023-24457 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication 2.3.0 | A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | network | low complexity | jenkins | CWE-352 | 6.5 |
| 2023-01-26 | CVE-2023-24458 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins BearyChat | A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-01-23 | CVE-2022-37719 | Cross-Site Request Forgery (CSRF) vulnerability in EdgeNexus Application Delivery Controller 4.2.8 | A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | network | low complexity | edgenexus | CWE-352 | 8.8 |
| 2023-01-23 | CVE-2022-4548 | Cross-Site Request Forgery (CSRF) vulnerability in Imageseo Optimize Images ALT Text (Alt Tag) & Names for SEO Using AI | The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | network | low complexity | imageseo | CWE-352 | 6.5 |