Security Headlines

Tag: #csrf

Taskhub CRM Tool 2.8.6 SQL Injection

Taskhub CRM Tool version 2.8.6 suffers from a remote SQL injection vulnerability.

Source: Packet Storm
GHSA-3fjv-8r82-6xm9: Jenkins Fortify Plugin cross-site request forgery vulnerability

Jenkins Fortify Plugin 22.1.38 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected HTTP endpoints.

GHSA-4xmf-344q-m4cc: Jenkins Fortify Plugin missing permission check

(Same advisory text as GHSA-3fjv-8r82-6xm9 above: missing permission checks on several HTTP endpoints of Jenkins Fortify Plugin 22.1.38 and earlier let an attacker with Overall/Read permission connect to an attacker-specified URL with attacker-specified credentials IDs and capture credentials stored in Jenkins; Fortify Plugin 22.2.39 requires POST requests and the appropriate permissions for the affected endpoints.)

CVE-2023-4302: Jenkins Security Advisory 2023-08-16

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-4303: Jenkins Security Advisory 2023-08-16

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

GHSA-p8gp-899c-jvq9: Wallabag user can reset data unintentionally

Description: wallabag was found to contain a cross-site request forgery (CSRF) that allows an attacker to arbitrarily reset a victim's annotations, entries and tags via GET requests to `/reset/annotations`, `/reset/entries`, `/reset/tags` and `/reset/archived`. This vulnerability has a CVSS v3.1 score of 4.3. **You should immediately patch your instance to version 2.6.3 or higher if you have more than one user and/or have open registration.**

Resolution: These actions are now reachable only via the POST method, which ensures that they cannot be triggered from a third-party website.

Credits: We would like to thank @zpbrent for reporting this issue through huntr.dev. Reference: https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299/

GHSA-gjvc-55fw-v6vq: Wallabag user can delete own API client unintentionally

Description: wallabag was found to contain a cross-site request forgery (CSRF) that allows an attacker to arbitrarily delete a victim's API client via `/developer/client/delete/{id}`. This vulnerability has a CVSS v3.1 score of 6.5. **You should immediately patch your instance to version 2.6.3 or higher if you have more than one user and/or have open registration.**

Resolution: This action is now reachable only via the POST method, which ensures that it cannot be triggered from a third-party website.

Credits: We would like to thank @tht1997 for reporting this issue through huntr.dev. Reference: https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not perform a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack.
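The Jenkins, wallabag and MultiParcels entries above are the same bug class: a state-changing action that the server performs on the strength of the session cookie alone, reachable by plain GET (or by any cross-site form POST), in the Jenkins case also without checking that the caller holds the permission the action needs. The toy handler below is an added example, not code from Jenkins, wallabag or MultiParcels; `Request`, `App`, `SITE_ORIGIN` and the `entries:delete` permission name are assumptions for illustration. It shows the vulnerable endpoint beside a hardened one that requires POST, checks the permission explicitly, rejects a foreign `Origin`, and compares a per-session synchronizer token in constant time. One caveat worth keeping in mind: requiring POST on its own only removes the `<img src>`/link vector; an attacker page can still auto-submit a cross-site form, so the POST handler also needs the token or origin check to actually close the hole.

```python
# Added example (not code from Jenkins, wallabag or MultiParcels): a toy
# request handler showing the bug class shared by the advisories above and
# one hardened form of the same endpoint. Request, App, SITE_ORIGIN and the
# "entries:delete" permission name are assumptions for illustration.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://wallabag.example"  # assumed origin of the application


@dataclass
class Request:
    method: str
    path: str
    user: Optional[str] = None                   # user bound to the session cookie
    perms: frozenset = frozenset()               # permissions that user holds
    form: dict = field(default_factory=dict)     # POST body fields
    headers: dict = field(default_factory=dict)  # browser-supplied headers


class App:
    """Per-user entries plus one synchronizer CSRF token per session."""

    def __init__(self):
        self.entries = {"alice": ["e1", "e2"], "bob": ["e3"]}
        self._tokens = {}

    def csrf_token(self, user):
        # Unguessable, per session, embedded only in the app's own forms.
        return self._tokens.setdefault(user, secrets.token_urlsafe(32))

    # Vulnerable: state change reachable by plain GET with nothing but the
    # session cookie. <img src="https://app/reset/entries"> on an attacker
    # page makes the victim's browser send exactly this request.
    def reset_entries_vulnerable(self, req):
        if req.user is None:
            return 401
        self.entries[req.user] = []
        return 200

    # Hardened: POST only, explicit permission check (the Jenkins advisory's
    # missing check), Origin check, and a token compared in constant time.
    def reset_entries_hardened(self, req):
        if req.user is None:
            return 401
        if req.method != "POST":
            return 405
        if "entries:delete" not in req.perms:
            return 403
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403          # cross-site form POST: the browser sets Origin
        token = req.form.get("_token", "")
        if not hmac.compare_digest(token, self.csrf_token(req.user)):
            return 403          # no token (GET/img) or attacker-guessed token
        self.entries[req.user] = []
        return 200


ALICE = frozenset({"entries:delete"})


def forged_get():
    """Victim alice's browser loads an attacker page with <img src=...>."""
    return Request("GET", "/reset/entries", user="alice", perms=ALICE,
                   headers={"Referer": "https://evil.example/"})


def forged_post():
    """Attacker page auto-submits a cross-site form; no token available."""
    return Request("POST", "/reset/entries", user="alice", perms=ALICE,
                   headers={"Origin": "https://evil.example"})


def legitimate_post(app):
    """The app's own form: same origin, token rendered into the page."""
    return Request("POST", "/reset/entries", user="alice", perms=ALICE,
                   form={"_token": app.csrf_token("alice")},
                   headers={"Origin": SITE_ORIGIN})


def demo():
    """Status codes each handler gives the forged and legitimate requests."""
    results = {}
    app = App()
    results["vulnerable_get"] = app.reset_entries_vulnerable(forged_get())
    results["vulnerable_entries"] = list(app.entries["alice"])
    app = App()
    results["hardened_get"] = app.reset_entries_hardened(forged_get())
    results["hardened_forged_post"] = app.reset_entries_hardened(forged_post())
    results["hardened_entries_before"] = list(app.entries["alice"])
    results["hardened_legit_post"] = app.reset_entries_hardened(legitimate_post(app))
    results["hardened_entries_after"] = list(app.entries["alice"])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The framework-native equivalents of the hardened handler are the `@RequirePOST` annotation plus an explicit `checkPermission` call in Jenkins, the CSRF token Symfony forms carry in wallabag, and a nonce verified with `wp_verify_nonce` or `check_admin_referer` in a WordPress plugin; the example uses a hand-rolled token only so that it runs without any of those frameworks.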

RHSA-2023:4692: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-24580: A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service.
* CVE-2023-36053: A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number o...

Jorani Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and a redirection bypass via header spoofing, then uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.
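The chain the module description lists (write a payload into a log the application can later read, then use path traversal to include that log) leaves a recognisable footprint in the web server's own access log: a request whose User-Agent, Referer or path carries a PHP open tag, followed by a request from the same source whose decoded path climbs out of the web root towards a log file. The detector below is an added example, not the Metasploit module's code and not specific to Jorani; the combined-format log lines are constructed for the example and the paths and payloads in them are illustrative, not Jorani's actual endpoints. It percent-decodes repeatedly so that single- and double-encoded `../` are both caught, and it reports a traversal into a log path from an IP that previously poisoned the log as the full chain rather than as two unrelated events. The header-spoofing step of the redirection bypass is not visible in the combined format, since the headers involved are not logged by default.

```python
# Added example (not from the Metasploit module or Jorani): a detector for
# the log-poisoning-plus-path-traversal chain over Apache combined-format
# access log lines. The log lines are constructed for this example; the
# paths and payloads are illustrative, not Jorani's actual endpoints.
import re
from urllib.parse import unquote

COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
PHP_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)   # payload written into the log
TRAVERSAL = re.compile(r"\.\.[/\\]")                 # ../ or ..\ after decoding
LOG_TARGET = re.compile(r"/var/log/|(access|error)[._-]?log", re.IGNORECASE)

# Constructed sample: a benign hit, a poisoning request (PHP tag in the
# User-Agent), a double-encoded traversal to the access log from the same IP,
# and an unrelated traversal attempt from another IP.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Aug/2023:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Aug/2023:10:02:10 +0000] "GET /session/login HTTP/1.1" 200 913 "-" "<?php system($_GET['c']); ?>"
203.0.113.9 - - [16/Aug/2023:10:02:15 +0000] "GET /pages/view?page=..%252f..%252f..%252fvar/log/apache2/access.log&c=id HTTP/1.1" 200 4096 "-" "curl/8.0"
198.51.100.7 - - [16/Aug/2023:10:05:00 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""


def normalize(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze(lines):
    """Return findings as dicts (line, ip, kind[, path]).

    A traversal into a log file from an IP that earlier wrote a PHP tag into
    the log is reported as the full chain ("poisoned_log_include").
    """
    findings = []
    poisoners = set()
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue                     # not combined format; skip the line
        ip = m.group("ip")
        path = normalize(m.group("path"))
        # Any field the server writes to the log can carry the payload.
        if any(PHP_TAG.search(v) for v in (m.group("ua"), m.group("referer"), path)):
            poisoners.add(ip)
            findings.append({"line": lineno, "ip": ip, "kind": "log_poisoning"})
        if TRAVERSAL.search(path):
            kind = "traversal"
            if ip in poisoners and LOG_TARGET.search(path):
                kind = "poisoned_log_include"
            findings.append({"line": lineno, "ip": ip, "kind": kind, "path": path})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

In a real deployment the poisoning request usually arrives some time before the include, so the `poisoners` set should be keyed with a timestamp and aged out rather than kept for the whole file, and the list of log targets extended to whatever the application itself writes (mail, session or debug logs are as usable to the attacker as the web server's access log).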