GHSA-6RMX-GVVG-VH6J OpenClaw's hooks count non-POST requests toward auth lockout
OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests (for example, GET with an invalid token) to consume the hook auth failure budget and trigger the temporary lockout window for...
PT-2026-20790
Name of the Vulnerable Software and Affected Versions Chrome versions prior to the fix commit 8fe0b08e9a0e7e2d08b268f451f2c79962e6acd0 Description An incorrect removal of padding extension in utls for the non-pq variant of the HelloChrome 120 fingerprint. Chrome only removed this extension when...
Cross-site Request Forgery (CSRF)
Overview org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of...
PT-2023-31283 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in a connection test HTTP endpoint, allowing attackers with...
PT-2023-6024 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored i...
PT-2023-22753 · Jenkins · Jenkins Report Portal Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Report Portal Plugin versions 0.5 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. This issue arise...
Jenkins Plugin Synopsys Coverity Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-22078 · Jenkins · Jenkins Beaker Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Beaker builder Plugin versions 1.10 and earlier Description: A missing permission check in the Jenkins Beaker builder Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also result...
Jenkins JiraTestResultReporter Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier versions are vulnerable to cross-site request forgery, which stems from a...
PT-2022-17134 · Jenkins · Jenkins Autonomiq Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins autonomiq Plugin versions 1.15 and earlier Description: A cross-site request forgery CSRF vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to ...
jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
A cross-site request forgery CSRF vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID...
PT-2019-11802 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin version 2.0.0 and earlier Description: A cross-site request forgery issue exists due to a missing permission check in an HTTP endpoint that triggers project creation from templates. This allowed users with...