← back
CVE-2019-10384

CVE-2019-10384

EPSS 1.6%
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Affected products
Jenkins project · Jenkins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:2789https://access.redhat.com/errata/RHSA-2019:3144https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491https://www.oracle.com/security-alerts/cpuapr2022.htmlhttp://www.openwall.com/lists/oss-security/2019/08/28/4