OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.
Source: DWF
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-07-22
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
Source: DWF
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-10-30
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
Source: DWF
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-10-30
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
Source: DWF
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2019-07-19
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.
Source: DWF
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-18
Updated
2022-11-17
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.06%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-04-04
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.23%
Published
2019-03-28
Updated
2023-10-25
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Source: Jenkins Project
Max CVSS
7.1
EPSS Score
0.29%
Published
2019-03-28
Updated
2023-10-25
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.05%
Published
2019-02-06
Updated
2023-10-25
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
Source: Jenkins Project
Max CVSS
5.3
EPSS Score
0.05%
Published
2019-02-06
Updated
2023-10-25
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Source: Jenkins Project
Max CVSS
8.8
EPSS Score
0.08%
Published
2019-02-06
Updated
2023-10-25
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.
Source: Jenkins Project
Max CVSS
6.5
EPSS Score
0.15%
Published
2019-02-06
Updated
2023-10-25
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
Source: Jenkins Project
Max CVSS
4.3
EPSS Score
0.15%
Published
2019-02-06
Updated
2019-04-26
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
Source: Jenkins Project
Max CVSS
8.8
EPSS Score
0.09%
Published
2019-02-06
Updated
2023-10-25
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
Source: Jenkins Project
Max CVSS
8.8
EPSS Score
0.09%
Published
2019-02-06
Updated
2023-10-25
Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-02-04
Updated
2019-02-20
560 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!