Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-2986 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | 8.8 |
| 2022-10-06 | CVE-2022-2783 | Cross-Site Request Forgery (CSRF) vulnerability in Octopus Server In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | 5.3 |
| 2022-09-29 | CVE-2020-35675 | Cross-Site Request Forgery (CSRF) vulnerability in Bigprof Online Invoicing System BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. | 8.8 |
| 2022-09-23 | CVE-2022-40132 | Cross-Site Request Forgery (CSRF) vulnerability in Castos Seriously Simple Podcasting Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. | 4.3 |
| 2022-09-21 | CVE-2022-41227 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77 A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 |
| 2022-09-21 | CVE-2022-41232 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build-Publisher A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | 8.0 |
| 2022-09-21 | CVE-2022-41236 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Security Inspector A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | 8.8 |
| 2022-09-21 | CVE-2022-41245 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41249 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCM Httpclient A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41253 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cons3Rt 1.0.0 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |