| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. |
| Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. |
| The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. |
| Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. |
| A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. |
| Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. |
| Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. |
