7 matches found
CVE-2025-64149
A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64141
A cross-site request forgery CSRF vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2024-46886
CVE-2024-46886 affects Siemens SIMATIC S7-1500/S7-1200 CPUs; the vulnerability lies in the web server’s handling of input used for user redirection. This improper validation can let an attacker cause a user to be redirected to an attacker‑controlled URL, requiring the user to click an attacker‑cr...
jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
CVE-2023-37952
A cross-site request forgery CSRF vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GO-2023-1567 Open redirect in github.com/caddyserver/caddy/v2
Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
GO-2020-0039 Open redirect in gopkg.in/macaron.v1
Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...