Description
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
https://access.redhat.com/errata/RHSA-2016:0070
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Related Vulnerabilities
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2012-0022 Vulnerability in maven package tomcat:tomcat-util
CVE-2017-18354 Vulnerability in npm package rendertron-middleware
CVE-2023-38504 Vulnerability in npm package sails
CVE-2016-3727 Vulnerability in maven package org.jenkins-ci.main:jenkins-core