The form validation method does not require POST requests, resulting in a Cross-Site Request Forgery vulnerability (CSRF).
Tag: Cross-Site Request Forgery
ASA-2019-00608 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Cross-Site Request Forgery (CSRF)
The form validation method does not require POST requests, resulting in a CSRF vulnerability.
ASA-2019-00604 – Jenkins Deploy WebLogic Plugin: Cross-Site Request Forgery
The form validation method does not require POST requests, resulting in a CSRF vulnerability.
ASA-2019-00602 – Jenkins Dynatrace Application Monitoring Plugin: Cross-Site Request Forgery
Dynatrace Application Monitoring Plugin did not require POST requests on a method implementing form validation. This CSRF vulnerability allowed attackers to initiate a connection test to an attacker-specified server with attacker-specified username and password.
ASA-2019-00432 – Mozilla Firefox and Thunderbird: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks.
ASA-2019-00319 – phpMyAdmin: CSRF vulnerability in login form
A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
ASA-2019-00202 – Magento: Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete wysiwyg directory
An attacker can delete the content of wysiwyg directory within the context of authenticated administrator's session via Cross-Site Request Forgery (CSRF).
ASA-2019-00191 – Magento: Deletion of synonym groups through a Cross-Site Request Forgery (CSRF) vulnerability
An attacker can delete all synonyms groups within the context of an authenticated administrator's session through Cross-Site Request Forgery (CSRF).