Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-10360: Jenkins Security Advisory 2019-07-31

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

CVE
#xss#csrf#vulnerability#web#google#amazon#java#kubernetes#perl#zero_day#maven
CVE-2019-10365: Jenkins Security Advisory 2019-07-31

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

CVE-2019-11718: Security vulnerabilities fixed in Firefox 68

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.

CVE-2019-10346: Jenkins Security Advisory 2019-07-11

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

CVE-2019-10349: Jenkins Security Advisory 2019-07-11

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

CVE-2019-10340: Jenkins Security Advisory 2019-07-11

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2019-5979: WooHero WooCommerce Store Customizer

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-5984: Custom CSS Pro

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-5983: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery

Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2019-10101: JetBrains Security Bulletin Q1 2019 | JetBrains News

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.