Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

csrf vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2019-10384
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user....
Jenkins JenkinsOracle Communications Cloud Native Core Automated Test Suite 1.9.0Redhat Openshift Container Platform 3.11Redhat Openshift Container Platform 4.1
6.8
CVSSv2
CVE-2015-5318
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack....
Jenkins JenkinsRedhat OpenshiftRedhat Openshift 2.0
6.8
CVSSv2
CVE-2015-5351
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a...
Apache Tomcat 7.0.2Apache Tomcat 8.0.30Apache Tomcat 7.0.12Apache Tomcat 7.0.62Apache Tomcat 8.0.17Apache Tomcat 7.0.53Apache Tomcat 7.0.20Apache Tomcat 7.0.34Apache Tomcat 8.0.26Apache Tomcat 7.0.55Apache Tomcat 7.0.4Apache Tomcat 7.0.63Apache Tomcat 8.0.20Apache Tomcat 7.0.22Apache Tomcat 7.0.39Apache Tomcat 7.0.26Apache Tomcat 9.0.0Apache Tomcat 7.0.28Apache Tomcat 8.0.1Apache Tomcat 8.0.0Apache Tomcat 7.0.59Apache Tomcat 7.0.65Apache Tomcat 7.0.50Apache Tomcat 7.0.6Apache Tomcat 8.0.12Apache Tomcat 7.0.14Apache Tomcat 8.0.27Apache Tomcat 8.0.15Apache Tomcat 7.0.11Apache Tomcat 7.0.67Apache Tomcat 7.0.23Apache Tomcat 7.0.0Apache Tomcat 8.0.22Apache Tomcat 8.0.29Apache Tomcat 7.0.52Apache Tomcat 7.0.42Apache Tomcat 7.0.37Apache Tomcat 7.0.29Apache Tomcat 8.0.11Apache Tomcat 8.0.24Apache Tomcat 8.0.23Apache Tomcat 7.0.47Apache Tomcat 7.0.5Apache Tomcat 8.0.21Apache Tomcat 7.0.41Apache Tomcat 7.0.30Apache Tomcat 7.0.19Apache Tomcat 7.0.16Apache Tomcat 7.0.10Apache Tomcat 8.0.18Apache Tomcat 7.0.25Apache Tomcat 7.0.54Apache Tomcat 7.0.35Apache Tomcat 7.0.61Apache Tomcat 8.0.3Apache Tomcat 7.0.57Apache Tomcat 8.0.14Apache Tomcat 7.0.32Apache Tomcat 7.0.21Apache Tomcat 7.0.27Apache Tomcat 7.0.40Apache Tomcat 7.0.56Apache Tomcat 8.0.28Apache Tomcat 7.0.64Apache Tomcat 7.0.33Debian Debian Linux 8.0Debian Debian Linux 7.0Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04
6.8
CVSSv2
CVE-2017-5489
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload....
Wordpress Wordpress
8.5
CVSSv2
CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for...
Gnu MailmanDebian Debian Linux 10.0
5
CVSSv2
CVE-2015-1840
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server,...
Fedoraproject Fedora 22Fedoraproject Fedora 21Rubyonrails Jquery-rails 4.0.0Rubyonrails Jquery-railsRubyonrails Jquery-rails 4.0.1Rubyonrails Jquery-ujsOpensuse Opensuse 13.2Opensuse Opensuse 13.1
5
CVSSv2
CVE-2014-0473
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users....
Djangoproject Django 1.5.5Djangoproject Django 1.5.4Djangoproject Django 1.5.1Djangoproject Django 1.5Djangoproject Django 1.5.3Djangoproject Django 1.5.2Djangoproject Django 1.6.1Djangoproject Django 1.6Djangoproject Django 1.6.2Djangoproject Django 1.7Djangoproject DjangoDjangoproject Django 1.4.9Djangoproject Django 1.4.7Djangoproject Django 1.4.8Djangoproject Django 1.4.2Djangoproject Django 1.4.4Djangoproject Django 1.4.3Djangoproject Django 1.4.5Djangoproject Django 1.4.6Djangoproject Django 1.4Djangoproject Django 1.4.1Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 12.10Canonical Ubuntu Linux 13.10Canonical Ubuntu Linux 10.04Canonical Ubuntu Linux 14.04
6.8
CVSSv2
CVE-2017-0362
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token....
Mediawiki MediawikiDebian Debian Linux 7.0
5.8
CVSSv2
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to...
Redhat Openshift Container Platform 3.11Redhat Openshift Container Platform 4.1
4.3
CVSSv2
CVE-2020-28040
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image....
Wordpress WordpressDebian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 16.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XSSCVE-2023-48314CVE-2023-6376CVE-2023-46384arbitrary codeCVE-2023-42917CVE-2023-48842CVE-2023-42916firewall
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook