Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
csrf vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-17590
** DISPUTED ** The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via...
Csrf Magic Project Csrf Magic
6.8
CVSSv2
CVE-2013-7464
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used....
Csrf-magic Project Csrf-magic
4.3
CVSSv2
CVE-2016-10535
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead...
Csrf-lite Project Csrf-lite
6.8
CVSSv2
CVE-2020-28482
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter...
Fastify Fastify-csrf
5.1
CVSSv2
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection....
Jenkins Jenkins
6.8
CVSSv2
CVE-2019-10384
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user....
Jenkins Jenkins
6.8
CVSSv2
CVE-2015-5318
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack....
Jenkins Jenkins
Redhat Openshift
Redhat Openshift 2.0
6.8
CVSSv2
CVE-2015-5351
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a...
Apache Tomcat 7.0.0
Apache Tomcat 7.0.2
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.14
Apache Tomcat 7.0.16
Apache Tomcat 7.0.19
Apache Tomcat 7.0.20
Apache Tomcat 7.0.21
Apache Tomcat 7.0.22
Apache Tomcat 7.0.23
Apache Tomcat 7.0.25
Apache Tomcat 7.0.26
Apache Tomcat 7.0.27
Apache Tomcat 7.0.28
Apache Tomcat 7.0.29
Apache Tomcat 7.0.30
Apache Tomcat 7.0.32
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.35
Apache Tomcat 7.0.37
Apache Tomcat 7.0.39
Apache Tomcat 7.0.40
Apache Tomcat 7.0.41
Apache Tomcat 7.0.42
Apache Tomcat 7.0.47
Apache Tomcat 7.0.50
Apache Tomcat 7.0.52
Apache Tomcat 7.0.53
Apache Tomcat 7.0.54
Apache Tomcat 7.0.55
Apache Tomcat 7.0.56
Apache Tomcat 7.0.57
Apache Tomcat 7.0.59
Apache Tomcat 7.0.61
Apache Tomcat 7.0.62
Apache Tomcat 7.0.63
Apache Tomcat 7.0.64
Apache Tomcat 7.0.65
Apache Tomcat 7.0.67
Apache Tomcat 8.0.0
Apache Tomcat 8.0.1
Apache Tomcat 8.0.3
Apache Tomcat 8.0.11
Apache Tomcat 8.0.12
Apache Tomcat 8.0.14
Apache Tomcat 8.0.15
Apache Tomcat 8.0.17
Apache Tomcat 8.0.18
Apache Tomcat 8.0.20
Apache Tomcat 8.0.21
Apache Tomcat 8.0.22
Apache Tomcat 8.0.23
Apache Tomcat 8.0.24
Apache Tomcat 8.0.26
Apache Tomcat 8.0.27
Apache Tomcat 8.0.28
Apache Tomcat 8.0.29
Apache Tomcat 8.0.30
Apache Tomcat 9.0.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 16.04
5
CVSSv2
CVE-2015-1840
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server,...
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Rubyonrails Jquery-rails
Rubyonrails Jquery-rails 4.0.0
Rubyonrails Jquery-rails 4.0.1
Rubyonrails Jquery-ujs
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
1 Github repository available
5.8
CVSSv2
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-24086
CVE-2021-25374
CVE-2021-25373
CVE-2021-26855
log injection
CVE-2021-20022
server-side request forgery
local
CVE-2021-25360
Vulnerability Notification Service
Get Started
1
2
3
4
5
NEXT »