Tag
#csrf
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists.
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.
CVE-2014-0197 CFME: CSRF protection vulnerability in referrer header