ASA-2019-00602 – Jenkins Dynatrace Application Monitoring Plugin: Cross-Site Request Forgery

Dynatrace Application Monitoring Plugin did not require POST requests on a method implementing form validation. This CSRF vulnerability allowed attackers to initiate a connection test to an attacker-specified server with attacker-specified username and password.

ASA-2019-00432 – Mozilla Firefox and Thunderbird: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks.

ASA-2019-00319 – phpMyAdmin: CSRF vulnerability in login form

A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.