Jenkins prior to 1.650 and LTS prior to 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote malicious users to bypass the CSRF protection mechanism via a brute-force approach: a comparison that stops at the first mismatching character takes measurably longer the more leading characters of a guess are correct, so the token can be recovered incrementally instead of having to be guessed whole.
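The difference between the flawed check and the fix, as an added illustration that is not Jenkins code and does not reproduce the project's actual CSRF implementation. The class and method names are hypothetical; the token bytes are constructed sample values. The early-exit comparison is the pattern the description refers to and is shown only to contrast it with the constant-time versions beside it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical helper illustrating how a server should compare a submitted
// CSRF token with the one it issued. Not taken from Jenkins.
public final class CsrfTokenCheck {

    // Early-exit comparison: returns as soon as one byte differs, so the
    // elapsed time reveals how many leading bytes of the guess were right.
    // This is the weakness the CVE text describes; do not use for secrets.
    static boolean equalsEarlyExit(byte[] expected, byte[] submitted) {
        if (expected.length != submitted.length) return false;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != submitted[i]) return false;
        }
        return true;
    }

    // Constant-time comparison using the JDK: MessageDigest.isEqual has
    // examined every byte regardless of where the first difference lies
    // since JDK 6u17, so its running time no longer depends on the prefix
    // the guess shares with the real token.
    static boolean equalsConstantTime(byte[] expected, byte[] submitted) {
        return MessageDigest.isEqual(expected, submitted);
    }

    // Hand-written equivalent for readers who want to see the technique:
    // differences are accumulated with OR and the loop never branches on
    // them. The length check may still leak the token length, which is
    // public anyway for a fixed-size token.
    static boolean equalsConstantTimeManual(byte[] expected, byte[] submitted) {
        if (expected.length != submitted.length) return false;
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ submitted[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample tokens; not real Jenkins values.
        byte[] issued    = "f3c2a9e1d4b7c6a5".getBytes(StandardCharsets.UTF_8);
        byte[] correct   = "f3c2a9e1d4b7c6a5".getBytes(StandardCharsets.UTF_8);
        byte[] nearMiss  = "f3c2a9e1d4b7c6a4".getBytes(StandardCharsets.UTF_8);
        byte[] wrongLen  = "f3c2".getBytes(StandardCharsets.UTF_8);

        // All three functions agree on the result; only their timing
        // behaviour differs, which is exactly the property that matters here.
        System.out.println("early-exit, correct:  " + equalsEarlyExit(issued, correct));
        System.out.println("early-exit, nearMiss: " + equalsEarlyExit(issued, nearMiss));
        System.out.println("isEqual,    correct:  " + equalsConstantTime(issued, correct));
        System.out.println("isEqual,    nearMiss: " + equalsConstantTime(issued, nearMiss));
        System.out.println("manual,     correct:  " + equalsConstantTimeManual(issued, correct));
        System.out.println("manual,     wrongLen: " + equalsConstantTimeManual(issued, wrongLen));
    }
}
```

When reviewing a code base for this class of bug, search for `String.equals`, `Arrays.equals` or hand-rolled loops applied to session identifiers, CSRF tokens, HMAC tags and API keys, and replace them with `MessageDigest.isEqual` (or a library's constant-time compare). The functional result is identical, so the change is safe to make without altering any callers.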
Vulnerable products:

| Vulnerable Product |
|---|
| redhat openshift 3.1 |
| jenkins jenkins |
| jenkins jenkins 1.642.1 |