Total
6085 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2192 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | |||||
CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | |||||
CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | |||||
CVE-2020-2160 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | |||||
CVE-2020-2147 | 1 Jenkins | 1 Mac | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
CVE-2020-2141 | 1 Jenkins | 1 P4 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce. | |||||
CVE-2020-2116 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2020-2098 | 1 Jenkins | 1 Sounds | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attackers to execute arbitrary OS commands as the OS user account running Jenkins. | |||||
CVE-2020-2093 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | |||||
CVE-2020-2090 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | |||||
CVE-2020-29553 | 1 Getgrav | 1 Grav Cms | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). | |||||
CVE-2020-29458 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | |||||
CVE-2020-29292 | 1 Iball | 2 Wrd12en, Wrd12en Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | |||||
CVE-2020-29254 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited. | |||||
CVE-2020-29030 | 1 Secomea | 1 Gatemanager Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. | |||||
CVE-2020-29004 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. | |||||
CVE-2020-28931 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | |||||
CVE-2020-28858 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions. | |||||
CVE-2020-28846 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. | |||||
CVE-2020-28838 | 1 Opencart | 1 Opencart | 2024-11-21 | 3.5 LOW | 3.5 LOW |
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart. |