Description
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF.
Remediation
References
https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443
http://www.openwall.com/lists/oss-security/2019/04/30/5
http://www.securityfocus.com/bid/108159
Related Vulnerabilities
CVE-2022-34184 Vulnerability in maven package org.jenkins-ci.plugins:crx-content-package-deployer
CVE-2023-50768 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin
CVE-2018-1000410 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-common
CVE-2023-49733 Vulnerability in maven package org.apache.cocoon:cocoon-core