25 matches found
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins, themis is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient validation of user requests, which allows an attacker to trick users into initiating connections to an attacker-controlled HTTP server...
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
EUVD-2025-36662
Jenkins Themis Plugin is missing a permission check...
GHSA-JWM4-955W-4HJ3 Jenkins Themis Plugin is missing a permission check
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
Jenkins Themis Plugin is missing a permission check
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of...
Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
Missing Authorization
Overview: org.jenkins-ci.plugins:themis is a Jenkins plugin to communicate with a Themis instance. It can send report files to be analyzed by Themis and send a refresh request for a project. Affected versions of this package are vulnerable to Missing Authorization due to a lack of permission...
GHSA-93MH-MX9W-M69Q Jenkins Themis Plugin vulnerable to cross-site request forgery
Jenkins Themis Plugin 1.4.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF)...
EUVD-2025-36661
Jenkins Themis Plugin vulnerable to cross-site request forgery...
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2025-64137
CVE-2025-64137 affects the Jenkins Themis Plugin (versions 1.4.1 and earlier). The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Public references in Red Hat and GitHub advisories reite...
CVE-2025-64137
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2025-64136
A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server...