Total
4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0328 | 1 Jenkins | 1 Jenkins | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-5500 | 1 Plone | 1 Plone | 2023-02-12 | 4.3 MEDIUM | N/A |
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | |||||
CVE-2012-2734 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2023-02-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | |||||
CVE-2011-3609 | 1 Redhat | 1 Jboss Application Server | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker. | |||||
CVE-2011-2908 | 1 Redhat | 3 Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Soa Platform | 2023-02-12 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2010-1150 | 1 Mediawiki | 1 Mediawiki | 2023-02-12 | 6.0 MEDIUM | N/A |
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue. | |||||
CVE-2011-3636 | 1 Redhat | 1 Freeipa | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. | |||||
CVE-2015-5182 | 1 Redhat | 1 Amq | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |||||
CVE-2014-0197 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
CFME: CSRF protection vulnerability via permissive check of the referrer header | |||||
CVE-2014-0151 | 1 Redhat | 1 Ovirt-engine | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | |||||
CVE-2013-4405 | 1 Redhat | 1 Enterprise Mrg | 2023-02-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. | |||||
CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
CVE-2013-0185 | 1 Redhat | 1 Manageiq Enterprise Virtualization Manager | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
CVE-2012-5622 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | |||||
CVE-2019-3876 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.3 MEDIUM | 6.3 MEDIUM |
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | |||||
CVE-2019-14836 | 1 Redhat | 1 3scale | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. | |||||
CVE-2019-10176 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | |||||
CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
CVE-2015-5188 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. | |||||
CVE-2012-2128 | 1 Andreas Gohr | 1 Dokuwiki | 2023-02-12 | 6.8 MEDIUM | N/A |
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token." |