Total: 5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2023-11-02 | N/A | 8.0 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | |||||
| CVE-2022-41249 | 1 Jenkins | 1 Scm Httpclient | 2023-11-01 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-41253 | 1 Jenkins | 1 Cons3rt | 2023-11-01 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-43408 | 1 Jenkins | 1 Pipeline\ | 2023-11-01 | N/A | 6.5 MEDIUM |
| Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2022-43407 | 1 Jenkins | 1 Pipeline\ | 2023-11-01 | N/A | 8.8 HIGH |
| Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | |||||
| CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2023-11-01 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | |||||
| CVE-2022-41232 | 1 Jenkins | 1 Build-publisher | 2023-11-01 | N/A | 8.0 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | |||||
| CVE-2022-41245 | 1 Jenkins | 1 Worksoft Execution Manager | 2023-11-01 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-41236 | 1 Jenkins | 1 Security Inspector | 2023-11-01 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | |||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2023-11-01 | N/A | 3.5 LOW |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | |||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2023-11-01 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
| CVE-2023-46152 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | |||||
| CVE-2023-46204 | 1 Mullerdigital | 1 Duplicate Theme | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions. | |||||
| CVE-2023-46202 | 1 Auto Login New User After Registration Project | 1 Auto Login New User After Registration | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. | |||||
| CVE-2023-46198 | 1 Apointzilla | 1 Appointment Calendar | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. | |||||
| CVE-2023-46193 | 1 Internetmarketingninjas | 1 Internal Link Building | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | |||||
| CVE-2023-46151 | 1 Awesometogi | 1 Product Category Tree | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. | |||||
| CVE-2023-46191 | 1 Underdock | 1 Open Graph Metabox | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions. | |||||
| CVE-2023-46150 | 1 Wpmilitary | 1 Wp Radio | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions. | |||||
