Description

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

Remediation

References

https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1491

http://www.openwall.com/lists/oss-security/2019/08/28/4

https://access.redhat.com/errata/RHSA-2019:2789

https://access.redhat.com/errata/RHSA-2019:3144

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2019-10363 Vulnerability in maven package io.jenkins:configuration-as-code

CVE-2023-50728 Vulnerability in npm package probot

CVE-2020-6428 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-49583 Vulnerability in npm package @sap/xssec

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory Patch