CVE-2019-10384

Published: Aug 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

Vendor	Product	Versions
Jenkins project	Jenkins	affected `2.191 and earlier, LTS 2.176.2 and earlier`

References

[oss-security] 20190828 Multiple vulnerabilities in Jenkins and Jenkins plugins

mailing-list

x_refsource_MLIST

RHSA-2019:2789

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3144

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-10384

Description

Affected Products

References