VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 104 of 286
  • CVE-2023-41938MedSep 6, 2023
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.

  • CVE-2022-46857MedJul 18, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.

  • CVE-2023-35096MedJul 17, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

  • CVE-2023-37952MedJul 12, 2023
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2023-35148MedJun 14, 2023
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

  • CVE-2023-33314MedMay 28, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.

  • CVE-2023-2736HigMay 20, 2023
    risk 0.42cvss 7.5epss 0.00

    The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login…

  • CVE-2021-4333MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.00

    The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and…

  • CVE-2022-44737MedNov 22, 2022
    risk 0.42cvss 6.5epss 0.00

    Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

  • CVE-2022-40488MedOct 31, 2022
    risk 0.42cvss 6.5epss 0.00

    ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

  • CVE-2022-36911MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2022-36908MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller…

  • CVE-2022-36906MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

  • CVE-2022-34789MedJun 30, 2022
    risk 0.42cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.

  • CVE-2022-34211MedJun 23, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.

  • CVE-2022-34209MedJun 23, 2022
    risk 0.42cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2022-34207MedJun 23, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2022-34205MedJun 23, 2022
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.

  • CVE-2022-28143MedMar 29, 2022
    risk 0.42cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins…

  • CVE-2022-27210MedMar 15, 2022
    risk 0.42cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials…