CVE-2019-10384
N/A
N/A
Summary
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins | 2.191 and earlier, LTS 2.176.2 and earlier | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2019/08/28/4
- https://access.redhat.com/errata/RHSA-2019:2789
- https://access.redhat.com/errata/RHSA-2019:3144
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491
References
- http://www.openwall.com/lists/oss-security/2019/08/28/4
- https://access.redhat.com/errata/RHSA-2019:2789
- https://access.redhat.com/errata/RHSA-2019:3144
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.