Total
7923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10353 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | ||||
| CVE-2019-10340 | 1 Jenkins | 1 Docker | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10338 | 1 Jenkins | 1 Jx Resources | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | ||||
| CVE-2019-10331 | 1 Jenkins | 1 Electricflow | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2019-10326 | 1 Jenkins | 1 Warnings Next Generation | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | ||||
| CVE-2019-10324 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively. | ||||
| CVE-2019-10321 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10315 | 1 Jenkins | 1 Github Authentication | 2024-11-21 | N/A |
| Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | ||||
| CVE-2019-10310 | 1 Jenkins | 1 Ansible Tower | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | ||||
| CVE-2019-10307 | 1 Jenkins | 1 Static Analysis Utilities | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users. | ||||
| CVE-2019-10304 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10300 | 1 Jenkins | 1 Gitlab | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10292 | 1 Jenkins | 1 Kmap | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10289 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10278 | 1 Jenkins | 1 Jenkins-reviewbot | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10253 | 1 Teammatesolutions | 1 Teammate\+ | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request. | ||||
| CVE-2019-10237 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | ||||
| CVE-2019-10199 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Openshift Application Runtimes | 2024-11-21 | 8.8 High |
| It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain. | ||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | ||||
| CVE-2019-10176 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | ||||