Total
7854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21745 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. | |||||
| CVE-2021-21729 | 1 Zte | 4 Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | |||||
| CVE-2021-21679 | 1 Jenkins | 1 Azure Ad | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2021-21678 | 1 Jenkins | 1 Saml | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2021-21675 | 1 Jenkins | 1 Requests | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | |||||
| CVE-2021-21665 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | |||||
| CVE-2021-21655 | 1 Jenkins | 1 P4 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | |||||
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21644 | 1 Jenkins | 1 Config File Provider | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | |||||
| CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | |||||
| CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||
| CVE-2021-21629 | 1 Jenkins | 1 Build With Parameters | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | |||||
| CVE-2021-21627 | 1 Jenkins | 1 Libvirt Agents | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | |||||
| CVE-2021-21620 | 1 Jenkins | 1 Claim | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. | |||||
| CVE-2021-21617 | 1 Jenkins | 1 Configuration Slicing | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | |||||
| CVE-2021-21549 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. | |||||
| CVE-2021-21495 | 1 Mk-auth | 1 Mk-auth | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. | |||||
| CVE-2021-21407 | 1 Combodo | 1 Itop | 2024-11-21 | 4.3 MEDIUM | 8.0 HIGH |
| Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0. | |||||
| CVE-2021-21395 | 1 Openmage | 1 Magento | 2024-11-21 | N/A | 4.2 MEDIUM |
| Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds. | |||||