Cross-Site Request Forgery attacks (abbreviated CSRF, pronounced "sea-surfing", or sometimes XSRF) use the user as the trigger: the user becomes an accomplice without being aware of it. Because the attack is triggered by the user, a large number of authentication systems are bypassed in this way.
Recent CSRF (Cross-Site Request Forgery) vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVSS:0.0) (Last Update:2023-01-26)
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVSS:0.0) (Last Update:2023-01-26)