5.1
CVSSv2

CVE-2019-10353

Published: 17/07/2019 Updated: 26/07/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins jenkins

Vendor Advisories

Synopsis Important: OpenShift Container Platform 311 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Important A Commo ...
Synopsis Important: OpenShift Container Platform 41 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Impact: Important Public Date: 2019-07-17 CWE: CWE-352 Bugzilla: 1730877: CVE-2019-10353 jenkins: CSRF ...
By default, CSRF tokens in Jenkins before 2186 only checked user authentication and IP address This allowed attackers able to obtain a CSRF token for another user to implement CSRF attacks as long as the victim’s IP address remained unchanged ...

Mailing Lists

Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software The following releases contain fixes for security vulnerabilities: * Jenkins weekly 2186 * Jenkins LTS 21762 Summaries of the vulnerabilities are below More details, severity, and attribution can be found h ...