Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36882 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 8.8 |
| 2022-07-27 | CVE-2022-36886 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins External Monitor JOB Type A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | 4.3 |
| 2022-07-27 | CVE-2022-36887 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB Configuration History A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | 4.3 |
| 2022-07-27 | CVE-2022-36906 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openshift Deployer A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 6.5 |
| 2022-07-27 | CVE-2022-36908 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openshift Deployer A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | 6.5 |
| 2022-07-27 | CVE-2022-36911 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openstack Heat 1.5 A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | 6.5 |
| 2022-07-27 | CVE-2022-36916 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Google Cloud Backup 0.6 A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | 8.0 |
| 2022-07-27 | CVE-2022-36920 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Coverity A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-07-26 | CVE-2022-35286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2022-07-25 | CVE-2022-35285 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |