Description
CSRF tokens in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, did not expire, allowing attackers who were able to obtain them to bypass CSRF protection.
Remediation
References