Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oY3hmLXJxNzItaDRycs4AAhUU
Cross-Site Request Forgery in Jenkins
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Permalink: https://github.com/advisories/GHSA-hcxf-rq72-h4rrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oY3hmLXJxNzItaDRycs4AAhUU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-hcxf-rq72-h4rr, CVE-2019-10353
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10353
- https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626
- https://access.redhat.com/errata/RHSA-2019:2503
- https://access.redhat.com/errata/RHSA-2019:2548
- http://www.openwall.com/lists/oss-security/2019/07/17/2
- https://github.com/jenkinsci/jenkins/commit/772152315aa0a9ba27b812a4ba0f3f9b64af78d9
- https://github.com/advisories/GHSA-hcxf-rq72-h4rr
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.177, <= 2.185, <= 2.176.1Fixed in: 2.186, 2.176.2