GHSA-MWG2-3XPV-5V28 CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Micro Focus Application Automation Tools Plugin 6.7 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to attacker-specified URLs using attacker-specified username and password. Additionally, these...
CVE-2021-22512
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks...
Cross-site scripting
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and all earlier versions...
CVE-2021-22512
CVE-2021-22512 is a CSRF vulnerability in the Micro Focus Application Automation Tools Plugin for Jenkins (affected: 6.7 and earlier). The issue arises in form validation methods that do not perform permission checks, allowing an attacker with Overall/Read to access attacker-specified URLs using ...
CVE-2021-22510
CVE-2021-22510 affects the Micro Focus Application Automation Tools Plugin for Jenkins (plugin version 6.7 and earlier). The root cause is that user input is not escaped in a form validation response, leading to a Reflected XSS vulnerability. Several connected sources corroborate this issue and n...