Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7225 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10353 1 Jenkins 1 Jenkins 2023-10-25 5.1 MEDIUM 7.5 HIGH
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
CVE-2020-2215 1 Jenkins 1 Zephyr For Jira Test Management 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
CVE-2019-10321 1 Jfrog 1 Artifactory 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-10326 1 Jenkins 1 Warnings Next Generation 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.
CVE-2020-2186 1 Jenkins 1 Amazon Ec2 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVE-2019-1003012 2 Jenkins, Redhat 2 Blue Ocean, Openshift Container Platform 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.
CVE-2019-1003016 1 Jenkins 1 Job Import 2023-10-25 4.3 MEDIUM 8.8 HIGH
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003008 1 Jenkins 1 Warnings Next Generation 2023-10-25 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
CVE-2019-16570 1 Jenkins 1 Rapiddeploy 2023-10-25 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server.
CVE-2019-10315 1 Jenkins 1 Github Authentication 2023-10-25 6.8 MEDIUM 8.8 HIGH
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
CVE-2019-10456 1 Jenkins 1 Oracle Cloud Infrastructure Compute Classic 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-1003082 1 Jenkins 1 Gearman 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003084 1 Jenkins 1 Zephyr Enterprise Test Management 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2020-2147 1 Jenkins 1 Mac 2023-10-25 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
CVE-2019-1003022 1 Jenkins 1 Monitoring 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
CVE-2019-10462 1 Jenkins 1 Dynatrace Application Monitoring 2023-10-25 6.8 MEDIUM 8.1 HIGH
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-10386 1 Jenkins 1 Xl Testview 2023-10-25 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003086 1 Jenkins 1 Chef Sinatra 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2020-2192 1 Jenkins 1 Self-organizing Swarm Modules 2023-10-25 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
CVE-2020-2196 1 Jenkins 1 Selenium 2023-10-25 6.0 MEDIUM 8.0 HIGH
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.