Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7595 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1010095 1 Domainmod 1 Domainmod 2024-11-21 6.8 MEDIUM 8.8 HIGH
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page.
CVE-2019-1010094 1 Domainmod 1 Domainmod 2024-11-21 6.8 MEDIUM 8.8 HIGH
domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page.
CVE-2019-1010054 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.8 MEDIUM 8.8 HIGH
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.
CVE-2019-1003098 1 Jenkins 1 Openid 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003092 1 Jenkins 1 Nomad 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003090 1 Jenkins 1 Soasta Cloudtest 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003086 1 Jenkins 1 Chef Sinatra 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003084 1 Jenkins 1 Zephyr Enterprise Test Management 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003082 1 Jenkins 1 Gearman 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003080 1 Jenkins 1 Openshift Deployer 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003078 1 Jenkins 1 Vmware Lab Manager Slaves 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003076 1 Jenkins 1 Audit To Database 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003058 1 Jenkins 1 Ftp Publisher 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003046 1 Jenkins 1 Fortify On Demand Uploader 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003044 1 Jenkins 1 Slack Notification 2024-11-21 2.1 LOW 7.1 HIGH
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003022 1 Jenkins 1 Monitoring 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
CVE-2019-1003017 1 Jenkins 1 Job Import 2024-11-21 2.6 LOW 5.3 MEDIUM
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
CVE-2019-1003016 1 Jenkins 1 Job Import 2024-11-21 4.3 MEDIUM 8.8 HIGH
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003012 2 Jenkins, Redhat 2 Blue Ocean, Openshift Container Platform 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.
CVE-2019-1003010 2 Jenkins, Redhat 2 Git, Openshift Container Platform 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.