VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 210 of 286
  • CVE-2022-45398MedNov 15, 2022
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

  • CVE-2022-32175MedOct 11, 2022
    risk 0.28cvss 5.4epss 0.00

    In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering…

  • CVE-2018-14519MedAug 24, 2022
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

  • CVE-2022-34817MedJun 30, 2022
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs.

  • CVE-2022-34815MedJun 30, 2022
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs.

  • CVE-2022-34812MedJun 30, 2022
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.

  • CVE-2022-34797MedJun 30, 2022
    risk 0.28cvss 4.3epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.

  • CVE-2020-36534MedJun 7, 2022
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the…

  • CVE-2022-28152MedMar 29, 2022
    risk 0.28cvss 4.3epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

  • CVE-2022-28138MedMar 29, 2022
    risk 0.28cvss 4.3epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.

  • CVE-2022-27214MedMar 15, 2022
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

  • CVE-2022-23115MedJan 12, 2022
    risk 0.28cvss 5.4epss 0.01

    Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

  • CVE-2021-3776MedNov 13, 2021
    risk 0.28cvss 5.4epss 0.00

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3775MedNov 13, 2021
    risk 0.28cvss 5.4epss 0.00

    showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-23431MedAug 24, 2021
    risk 0.28cvss 5.4epss 0.00

    The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

  • CVE-2021-21644MedApr 21, 2021
    risk 0.28cvss 5.4epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

  • CVE-2020-2296MedOct 8, 2020
    risk 0.28cvss 4.3epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.

  • CVE-2020-25262MedOct 8, 2020
    risk 0.28cvss 4.3epss 0.01

    PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.

  • CVE-2020-2281MedSep 23, 2020
    risk 0.28cvss 5.4epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.

  • CVE-2020-2273MedSep 16, 2020
    risk 0.28cvss 4.3epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.