#csrf

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

phpFK version 8.0 suffers from a cross site scripting vulnerability.

projectSend version r1605 suffers from a persistent cross site scripting vulnerability.

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.