Description
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-23839)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-4864)
WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.6.1)
WordPress Plugin WP Activity Log Cross-Site Scripting (2.4.3)