Cross-site request forgery vulnerability in Jenkins via CSRF tokens - CVE-2019-10384 (rpm)ID: oval:org.secpod.oval:def:58312 | Date: (C)2019-09-23 (M)2023-12-02 |
Class: VULNERABILITY | Family: unix |
The host is installed with Jenkins LTS through 2.176.2 or Jenkins rolling release through 2.191 and is prone to a cross-site request forgery vulnerability. A flaw is present in the application, which fails to properly handle CSRF tokens without an associated web session ID. Successful exploitation could allow attackers to bypass CSRF protection for anonymous users.
Product: |
Jenkins LTS |
Jenkins rolling release |