Total: 7225 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2273 | 1 Jenkins | 1 Elastest | 2023-11-03 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2020-2280 | 1 Jenkins | 1 Warnings | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | |||||
CVE-2021-21629 | 1 Jenkins | 1 Build With Parameters | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | |||||
CVE-2022-25194 | 1 Jenkins | 1 Autonomiq | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | |||||
CVE-2022-25192 | 1 Jenkins | 1 Snow Commander | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-25198 | 1 Jenkins | 1 Scp Publisher | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
CVE-2022-25200 | 1 Jenkins | 1 Checkmarx | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-25205 | 1 Jenkins | 1 Dbcharts | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | |||||
CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
CVE-2022-28150 | 1 Jenkins | 1 Job And Node Ownership | 2023-11-03 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | |||||
CVE-2022-28152 | 1 Jenkins | 1 Job And Node Ownership | 2023-11-03 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | |||||
CVE-2022-36908 | 1 Jenkins | 1 Openshift Deployer | 2023-11-02 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL. | |||||
CVE-2022-36906 | 1 Jenkins | 1 Openshift Deployer | 2023-11-02 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||
CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2023-11-02 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2023-11-02 | N/A | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | |||||
CVE-2023-46152 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2023-11-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | |||||
CVE-2023-46204 | 1 Mullerdigital | 1 Duplicate Theme | 2023-11-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions. | |||||
CVE-2023-46202 | 1 Auto Login New User After Registration Project | 1 Auto Login New User After Registration | 2023-11-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. | |||||
CVE-2023-46198 | 1 Apointzilla | 1 Appointment Calendar | 2023-11-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. | |||||
CVE-2023-46193 | 1 Internetmarketingninjas | 1 Internal Link Building | 2023-11-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | |||||