Description
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
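The weakness in the description is the comparison itself: an equality check that returns as soon as the first mismatching byte is found does an amount of work that depends on how long the correct prefix of the submitted token is, and that difference is observable over the network. The following is an added example, not Jenkins' own code (Jenkins is Java; the fixed Jenkins comparison is not reproduced here). It uses a constructed 16-byte token and reports "bytes examined" in place of elapsed time so the leak is deterministic and testable, and shows the constant-time form beside it.

```python
import hmac

# Constructed sample token for the demonstration (not a real Jenkins value).
EXPECTED_TOKEN = bytes.fromhex("5f3a9c01d4e7b2f8a61c0d3e9b7f2a44")


def naive_equals(expected: bytes, supplied: bytes):
    """Byte-by-byte comparison that stops at the first mismatch.

    Returns (match, bytes_examined). The second value stands in for
    elapsed time: the longer the correct prefix of `supplied`, the more
    bytes the loop inspects before returning. That is the non-constant-time
    behaviour the CVE text refers to.
    """
    # A length mismatch is rejected up front; CSRF tokens are fixed-length,
    # so the length itself is not secret.
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined  # early exit leaks the match position
    return True, examined


def constant_time_equals(expected: bytes, supplied: bytes):
    """Compare the full length no matter where the first mismatch is.

    Returns (match, bytes_examined); bytes_examined is always the full
    token length. The manual loop shows the idea (OR every byte's XOR
    together and only look at the result at the end); the standard-library
    primitive for production code is hmac.compare_digest, and the two are
    checked against each other here.
    """
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= a ^ b  # no data-dependent branch inside the loop
    manual = diff == 0
    assert manual == hmac.compare_digest(expected, supplied)
    return manual, len(expected)


def prefix_match_guess(expected: bytes, correct_prefix_len: int) -> bytes:
    """Build a guess that matches `expected` on its first N bytes only.

    Used to simulate what a prefix-by-prefix brute force would submit; the
    remaining bytes are chosen to differ from the real ones.
    """
    guess = bytearray(expected[:correct_prefix_len])
    for real in expected[correct_prefix_len:]:
        guess.append((real + 1) & 0xFF)
    return bytes(guess)


def work_profile(expected: bytes):
    """How many bytes each comparison examines, per correct-prefix length.

    A profile that grows with the prefix length is the side channel; a flat
    profile gives the caller nothing to measure.
    """
    n = len(expected)
    naive = [naive_equals(expected, prefix_match_guess(expected, k))[1]
             for k in range(n)]
    constant = [constant_time_equals(expected, prefix_match_guess(expected, k))[1]
                for k in range(n)]
    return {"naive": naive, "constant_time": constant}


if __name__ == "__main__":
    for name, profile in work_profile(EXPECTED_TOKEN).items():
        print(f"{name:>14}: {profile}")
```

Running the block prints a rising sequence for the naive comparison and a flat one for the constant-time version. In Java code such as Jenkins, the equivalent of `hmac.compare_digest` is `java.security.MessageDigest.isEqual(byte[], byte[])`; the general rule for any secret comparison (CSRF tokens, session ids, MACs, API keys) is to never use a short-circuiting string or array equality.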
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-5071 Vulnerability (CVE-2012-5071)
SharePoint CVE-2020-17015 Vulnerability (CVE-2020-17015)
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Request Forgery (4.7.5)
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)