Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-16564: Jenkins Security Advisory 2019-12-17

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.

CVE
#sql#xss#csrf#vulnerability#web#dos#java#kubernetes#intel#ssrf#alibaba#auth#ssh#maven#ssl
CVE-2014-0197: Invalid Bug ID

CVE-2014-0197 CFME: CSRF protection vulnerability in referrer header

CVE-2019-10475: Jenkins Security Advisory 2019-10-23

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

CVE-2019-17675: Changeset 46477 – WordPress Trac

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

CVE-2019-10440: Jenkins Security Advisory 2019-10-16

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

CVE-2019-10443: Jenkins Security Advisory 2019-10-16

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

CVE-2019-1915: Cisco Security Advisory: Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

CVE-2019-10404: security - Multiple vulnerabilities in Jenkins and Jenkins plugins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors.

CVE-2019-10406: Jenkins Security Advisory 2019-09-25

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.