Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

csrf vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2019-17590
** DISPUTED ** The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via...
Csrf Magic Project Csrf Magic
4.3
CVSSv2
CVE-2016-10535
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead...
Csrf-lite Project Csrf-lite
6.8
CVSSv2
CVE-2013-7464
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used....
Csrf-magic Project Csrf-magic
6.8
CVSSv2
CVE-2020-28482
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter...
Fastify Fastify-csrf
4.3
CVSSv2
CVE-2021-29624
fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g....
Fastify Fastify-csrf
5.1
CVSSv2
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection....
Jenkins Jenkins
6.8
CVSSv2
CVE-2019-10384
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user....
Jenkins Jenkins
6.8
CVSSv2
CVE-2015-5318
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack....
Jenkins JenkinsRedhat OpenshiftRedhat Openshift 2.0
6.8
CVSSv2
CVE-2015-5351
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a...
Apache Tomcat 7.0.65Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.20Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.4Apache Tomcat 7.0.40Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 9.0.0Apache Tomcat 8.0.30Apache Tomcat 8.0.3Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 8.0.0Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.26Apache Tomcat 8.0.29Apache Tomcat 8.0.28Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.47Apache Tomcat 7.0.5Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.27Apache Tomcat 7.0.67Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.6Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 8.0.1Apache Tomcat 8.0.11Apache Tomcat 8.0.21Apache Tomcat 8.0.22Debian Debian Linux 8.0Debian Debian Linux 7.0Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10
5
CVSSv2
CVE-2015-1840
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server,...
Fedoraproject Fedora 22Fedoraproject Fedora 21Rubyonrails Jquery-rails 4.0.0Rubyonrails Jquery-railsRubyonrails Jquery-rails 4.0.1Rubyonrails Jquery-ujsOpensuse Opensuse 13.2Opensuse Opensuse 13.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-23418CVE-2021-36934CVE-2021-32796remoteCVE-2021-37743file uploadCVE-2020-10590log injectionCVE-2021-3490
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook