
6 matches found

Positive Technologies
added 2025/12/08 12:0 a.m. · 6 views

PT-2025-49550

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

7 CVSS · 7.1 AI score · 0.00025 EPSS
Exploits 0 · References 2
OSV
added 2025/03/06 12:31 a.m. · 0 views

GHSA-7G95-JMG9-H524 Jenkins cross-site request forgery (CSRF) vulnerability

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not require POST requests for the HTTP endpoint toggling collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets), resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability...

5.4 CVSS · 5.8 AI score · 0.00217 EPSS
Exploits 0 · References 4
OSV
added 2022/05/24 5:27 p.m. · 0 views

GHSA-9RVW-7MX7-H53X CSRF vulnerability in Jenkins Database Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. Database Plugin 1.7 requires POST requests for the affected form validation method...

5.4 CVSS · 5.9 AI score · 0.00433 EPSS
Exploits 0 · References 5
OSV
added 2022/05/17 12:29 a.m. · 2 views

GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server...

6.5 CVSS · 5.9 AI score · 0.00141 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/05/11 12:0 a.m. · 2 views

PT-2021-14695 · Jenkins · Jenkins Xray - Test Management For Jira Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier

Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained...

7.1 CVSS · 6.8 AI score · 0.00257 EPSS
Exploits 0 · References 7
Positive Technologies
added 2020/01/15 12:0 a.m. · 3 views

PT-2020-15299 · Cloudbees +1 · Health Advisor +1

Name of the Vulnerable Software and Affected Versions: Health Advisor by CloudBees Plugin versions 3.0 and earlier

Description: A cross-site request forgery issue allows attackers to send an email with fixed content to a specified recipient. The problem arises because the plugin does not perform...

8.8 CVSS · 8.5 AI score · 0.00089 EPSS
Exploits 0 · References 6