CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 104 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41938 | Med | 0.42 | 6.5 | 0.00 | Sep 6, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. | ||
| CVE-2022-46857 | Med | 0.42 | 6.5 | 0.00 | Jul 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | ||
| CVE-2023-35096 | Med | 0.42 | 6.5 | 0.00 | Jul 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. | ||
| CVE-2023-37952 | Med | 0.42 | 6.5 | 0.00 | Jul 12, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||
| CVE-2023-35148 | Med | 0.42 | 6.5 | 0.00 | Jun 14, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||
| CVE-2023-33314 | Med | 0.42 | 6.5 | 0.00 | May 28, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | ||
| CVE-2023-2736 | Hig | 0.42 | 7.5 | 0.00 | May 20, 2023 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login… | ||
| CVE-2021-4333 | Med | 0.42 | 6.5 | 0.00 | Mar 7, 2023 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and… | ||
| CVE-2022-44737 | Med | 0.42 | 6.5 | 0.00 | Nov 22, 2022 | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | ||
| CVE-2022-40488 | Med | 0.42 | 6.5 | 0.00 | Oct 31, 2022 | ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | ||
| CVE-2022-36911 | Med | 0.42 | 6.5 | 0.00 | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | ||
| CVE-2022-36908 | Med | 0.42 | 6.5 | 0.00 | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller… | ||
| CVE-2022-36906 | Med | 0.42 | 6.5 | 0.00 | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | ||
| CVE-2022-34789 | — | Med | 0.42 | 6.5 | 0.01 | Jun 30, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. | |
| CVE-2022-34211 | — | Med | 0.42 | 6.5 | 0.00 | Jun 23, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | |
| CVE-2022-34209 | — | Med | 0.42 | 6.5 | 0.01 | Jun 23, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | |
| CVE-2022-34207 | Med | 0.42 | 6.5 | 0.00 | Jun 23, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | ||
| CVE-2022-34205 | Med | 0.42 | 6.5 | 0.00 | Jun 23, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | ||
| CVE-2022-28143 | — | Med | 0.42 | 6.5 | 0.01 | Mar 29, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins… | |
| CVE-2022-27210 | Med | 0.42 | 6.5 | 0.01 | Mar 15, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials… |
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.
- risk 0.42cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.
- risk 0.42cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
- risk 0.42cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.
- risk 0.42cvss 7.5epss 0.00
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login…
- risk 0.42cvss 6.5epss 0.00
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and…
- risk 0.42cvss 6.5epss 0.00
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
- risk 0.42cvss 6.5epss 0.00
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller…
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
- risk 0.42cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.
- risk 0.42cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.
- risk 0.42cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.
- risk 0.42cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins…
- risk 0.42cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials…