Jenkins prior to 1.638 and LTS prior to 1.625.2 use a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote malicious users to bypass the CSRF protection mechanism via a brute force attack.
Vulnerable Product |
---|
jenkins jenkins |
redhat openshift |
redhat openshift 2.0 |