
4 matches found

OSV
added 2026/03/09 7:52 p.m. · 1 view

GHSA-6RMX-GVVG-VH6J OpenClaw's hooks count non-POST requests toward auth lockout

OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests (for example, GET with an invalid token) to consume the hook auth failure budget and trigger the temporary lockout window for...

5.3 CVSS · 5.8 AI score
Exploits: 0 · References: 4

Snyk
added 2025/10/29 3:31 p.m. · 4 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of...

5.4 CVSS · 6.6 AI score · 0.00183 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/12 12:0 a.m. · 4 views

PT-2023-22753 · Jenkins · Jenkins Report Portal Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Report Portal Plugin versions 0.5 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. This issue arise...

8.8 CVSS · 8.5 AI score · 0.0078 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2021/07/02 12:20 a.m. · 7 views

jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8 CVSS · 6.2 AI score · 0.01053 EPSS
Exploits: 0 · References: 4